Threats Tagged 'cve-2026-12726'
View all threats tagged with 'cve-2026-12726'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-12726'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-12726: Server-Side Request Forgery (SSRF) in Red Hat Red Hat Ansible Automation Platform 2CVE-2026-12726 0 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template's webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT. Join the discussion | CVE Database V5 | 06/19/2026, 18:49:55 UTC Added: 06/19/2026, 19:20:10 UTC |
Showing 1 to 1 of 1 result