Lucene search
K

8 matches found

NVD
NVD
added 2026/06/09 10:16 a.m.13 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 9:33 a.m.12 views

EUVD-2026-35389

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 9:33 a.m.38 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 9:33 a.m.6 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.4AI score0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 9:33 a.m.27 views

CVE-2026-52902

CVE-2026-52902 affects awxkit (AWX CLI). The YAML !include directive permits path traversal, enabling an attacker to craft a YAML file that reads arbitrary local YAML files when a user imports it via awx --conf.format yaml import. This is a client-side vulnerability requiring user interaction. Mi...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 9:33 a.m.17 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

awxkit 路径遍历漏洞

awxkit is an open-source command-line tool developed by Ansible. Awxkit has a path traversal vulnerability, which stems from the YAML !include directive not clearing file paths properly. This vulnerability could allow attackers to read any YAML format file from the local file system through a...

4.7CVSS5.3AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47736

Name of the Vulnerable Software and Affected Versions awxkit affected versions not specified Description A path traversal issue exists in the CLI tool for AWX. The YAML !include directive fails to sanitize file paths, which allows an attacker to create a malicious YAML file. When a user imports...

4.7CVSS5.9AI score0.00121EPSS
Exploits0References7
Rows per page
Query Builder