Critical CVSS 9.8 Vulnerabilities in Red Hat Ansible Allow Remote Code Execution
Summary
CERT-Bund issued a critical security advisory regarding multiple vulnerabilities (CVSS 9.8) in Red Hat Ansible Automation Platform versions prior to 2.5 and 2.6. The vulnerabilities allow remote attackers to execute arbitrary code, conduct denial of service attacks, bypass security controls, manipulate data, disclose confidential information, and perform cross-site scripting attacks. Organizations using affected versions should immediately apply patches and implement mitigation measures.
What changed
CERT-Bund published advisory WID-SEC-2026-0935 identifying critical vulnerabilities in Red Hat Ansible Automation Platform with a CVSS Base Score of 9.8 (Critical) and Temporal Score of 8.5 (High). The affected products are Red Hat Ansible Automation Platform versions below 2.5 and 2.6. An anonymous remote attacker can exploit these vulnerabilities to execute arbitrary code, conduct DoS attacks, bypass security mechanisms, manipulate data, disclose confidential information, or perform XSS attacks.
Organizations running Red Hat Ansible Automation Platform must immediately verify their installed versions and upgrade to version 2.5 or 2.6 or later. IT security teams should apply available mitigations from Red Hat and conduct security audits to detect potential compromise. Failure to patch promptly exposes systems to remote code execution and complete system compromise.
What to do next
- Upgrade Red Hat Ansible Automation Platform to version 2.5 or 2.6 or later immediately
- Apply vendor-provided mitigations for affected versions
- Conduct a security audit to detect exploitation attempts on systems running vulnerable versions
Source document (simplified)
[WID-SEC-2026-0935] Red Hat Ansible Automation Platform: Multiple vulnerabilities
- CVSS Base Score: 9.8 (critical)
- CVSS Temporal Score: 8.5 (high)
- Remote attack: yes
- Date: 31.03.2026
- Last updated: 01.04.2026
- Mitigation: yes
Affected systems
Operating system
- Other
- UNIX
Product description
Red Hat Ansible Automation Platform is an end-to-end automation platform for system configuration, software deployment, and the orchestration of advanced workflows.
Products
31.03.2026
- Red Hat Ansible Automation Platform <2.5
- Red Hat Ansible Automation Platform <2.6
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to conduct a denial of service attack, execute arbitrary code, bypass security measures, manipulate data, disclose confidential information, or perform cross-site scripting attacks.