CVE-2026-6494 in Ansible Automation Platformالمعلومات

الملخص

بحسب MITRE • 17/04/2026

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Redhat

حجز

17/04/2026

إفشاء

17/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-358045

CPE

جاهز

CWE

CWE-117 (مؤكد)

CVSS

5.3 (CNA)

EPSS

0.00019

KEV

لا

النشاطات

منخفض جدًا

القطاع

Pharma, Agriculture, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6494
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6494
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6494/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!