CVE-2026-6494 in Ansible Automation Platforminformação

Sumário

de MITRE • 17/04/2026

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Redhat

Reservar

17/04/2026

Divulgação

17/04/2026

Moderação

aceite

Entrada

VDB-358045

CPE

pronto

EPSS

0.00019

KEV

não

Atividades

muito baixo

Sector

Government, Industry, ...

Fontes

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-6494
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-6494
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-6494/

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!