CVE-2026-6494 in Ansible Automation Platforminformación

Resumen

por MITRE • 2026-04-17

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Redhat

Reservar

2026-04-17

Divulgación

2026-04-17

Moderación

aceptado

Artículo

VDB-358045

CPE

listo

CWE

CWE-117 (confirmado)

CVSS

5.3 (CNA)

EPSS

0.00019

KEV

Actividades

muy bajo

Sector

Transportation, Telecommunication, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6494
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6494
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6494/

◂ Anterior Visión De Conjunto Próximo ▸

Do you know our Splunk app?

Download it now for free!