CVE-2026-52902: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat Ansible Automation Platform 2
CVE-2026-52902 is a path traversal vulnerability in awxkit, the CLI tool for Red Hat Ansible Automation Platform 2. The issue arises because the YAML ! include directive does not properly sanitize file paths, allowing an attacker to craft a malicious YAML file that can read arbitrary YAML-formatted files from the local filesystem when imported using the awx CLI with the --conf. format yaml import command. This is a client-side vulnerability that requires user interaction.
AI Analysis
Technical Summary
This vulnerability involves improper limitation of a pathname to a restricted directory in the awxkit CLI tool of Red Hat Ansible Automation Platform 2. Specifically, the YAML !include directive fails to sanitize file paths, enabling an attacker to create a malicious YAML file that, when imported by a user via the awx CLI command, can read arbitrary YAML files from the local filesystem. The vulnerability requires local user interaction and has a CVSS 3.1 score of 4.7, indicating medium severity.
Potential Impact
An attacker who convinces a user to import a crafted malicious YAML file using the awx CLI tool can read arbitrary YAML-formatted files from the local filesystem. This leads to a confidentiality breach of local data. There is no indication of integrity or availability impact. The vulnerability is client-side and requires user interaction, limiting the attack scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-52902 for current remediation guidance. Until an official fix is available, users should avoid importing YAML files from untrusted sources using the awx CLI tool to prevent exploitation.
CVE-2026-52902: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat Ansible Automation Platform 2
Description
CVE-2026-52902 is a path traversal vulnerability in awxkit, the CLI tool for Red Hat Ansible Automation Platform 2. The issue arises because the YAML ! include directive does not properly sanitize file paths, allowing an attacker to craft a malicious YAML file that can read arbitrary YAML-formatted files from the local filesystem when imported using the awx CLI with the --conf. format yaml import command. This is a client-side vulnerability that requires user interaction.
CVSS v3.1
Score 4.7medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper limitation of a pathname to a restricted directory in the awxkit CLI tool of Red Hat Ansible Automation Platform 2. Specifically, the YAML !include directive fails to sanitize file paths, enabling an attacker to create a malicious YAML file that, when imported by a user via the awx CLI command, can read arbitrary YAML files from the local filesystem. The vulnerability requires local user interaction and has a CVSS 3.1 score of 4.7, indicating medium severity.
Potential Impact
An attacker who convinces a user to import a crafted malicious YAML file using the awx CLI tool can read arbitrary YAML-formatted files from the local filesystem. This leads to a confidentiality breach of local data. There is no indication of integrity or availability impact. The vulnerability is client-side and requires user interaction, limiting the attack scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-52902 for current remediation guidance. Until an official fix is available, users should avoid importing YAML files from untrusted sources using the awx CLI tool to prevent exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-09T07:23:36.530Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-52902","vendor":"Red Hat"}]
Threat ID: 6a27e6ae8dd33fbd8514ca4d
Added to database: 6/9/2026, 10:10:54 AM
Last enriched: 6/9/2026, 10:56:25 AM
Last updated: 6/9/2026, 1:53:40 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.