ansible-core-2.20-2.20.6-1.1 on GA media (moderate)

ansible-core-2.20-2.20.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10945-1 Rating: moderate Cross-References: CVE-2023-5115 CVE-2023-5764 CVE-2024-0690 CVE-2024-11079 CVE-2024-8775 CVE-2024-9902 CVSS scores: CVE-2023-5115 SUSE : 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N CVE-2023-57...

SUSE CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

Arbitrary Argument Injection

Overview ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load...

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

EUVD-2026-34791

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-11332

CVE-2026-11332 affects ansible-core via the ansible-galaxy role install command. The vulnerability arises when processing a role’s meta/requirements.yml, where improper neutralization of argument delimiters allows a malicious role author to inject arbitrary git configuration flags through the src...

PT-2026-46910

Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An issue exists in the ansible-galaxy role install command where dependency specifications from a role's...

Linux Distros Unpatched Vulnerability : CVE-2026-11332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to...

OPENSUSE-SU-2026:10945-1 ansible-core-2.20-2.20.6-1.1 on GA media

These are all security issues fixed in the ansible-core-2.20-2.20.6-1.1 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-11079)

Summary IBM Security SOAR uses an older version of the Ansible-Core component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2024-11079 DESCRIPTION: ...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible. The ansible-core user module allows an unprivileged user to silently create or replace the contents of any file on any system path, and to take ownership of that file when a privileged user executes the user module against the unprivileged user’s home directory. ...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plain text during the execution of a playbook. This occurs when tasks such as includevars are used to load vaulted variables without setting the nolog: true parameter. As a result,...

Astra Linux - уязвимость в ansible

An information disclosure flaw was discovered in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may involve sensitive information, such a...

Fedora 45 : ansible / ansible-core (2026-a8a5f6b41b)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-a8a5f6b41b advisory. Latest Ansible 13 - Close bogus CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

MiracleLinux 8 : ansible-core-2.16.3-2.el8.ML.1 (AXSA:2024-8343:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8343:02 advisory. ansible-core: possible information leak in tasks that ignore ANSIBLENOLOG configuration CVE-2024-0690 Bug Fixes: Update ansible-core to 2.16.3 JIRA:RHEL-2378...