CVE-2026-11837 Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown

🗓️ 10 Jun 2026 05:03:05Reported by redhatType

CVE-2026-11837: Ansible Posix authorized_key enables local root escalation via symlinks in ~/.ssh.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2026-11837	10 Jun 202606:00	–	circl
CVE	CVE-2026-11837	10 Jun 202605:03	–	cve
Debian CVE	CVE-2026-11837	10 Jun 202605:03	–	debiancve
EUVD	EUVD-2026-35982	10 Jun 202605:03	–	euvd
NVD	CVE-2026-11837	10 Jun 202605:16	–	nvd
OSV	DEBIAN-CVE-2026-11837	10 Jun 202605:16	–	osv
OSV	UBUNTU-CVE-2026-11837	10 Jun 202605:16	–	osv
Positive Technologies	PT-2026-48375	10 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-11837	10 Jun 202605:03	–	redhatcve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-11837	10 Jun 202600:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhel-system-roles",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhc-worker-playbook",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhel-system-roles",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhel-system-roles",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ansible-collection-ansible-posix",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 18.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ansible-collection-ansible-posix",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:18.0"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2026-11837

10 Jun 2026 15:01Current

CVSS 3.17.3

EPSS0.00021

CWE-59