Critical Event-Driven Ansible Flaw Leaks Stored Credentials
ID: e1ff26fb-468c-5a4d-ac78-d082a287491c
STIX ID: report--e1ff26fb-468c-5a4d-ac78-d082a287491c
Feed Name: securityonline.info
Threat Score
**Critical vulnerability (CVE-2026-11807)**: Event-Driven Ansible's websocket API in Red Hat Ansible Automation Platform 2.5/2.6 contains a missing authorization bug that allows any authenticated user to request arbitrary activation IDs and receive stored plaintext credentials (OAuth tokens, vault passwords, SSH keys); Red Hat rated it CVSS 9.6 and has released patches — apply updates, restrict websocket access, and rotate exposed credentials.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
