Lucene search
K

6 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.12 views

CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 6:49 p.m.37 views

CVE-2026-12726

AWX/AUTOMATION-CONTROLLER GitHub webhook integration vulnerability (CVE-2026-12726): processing of GitHub pull_request webhooks stores statuses_url from the payload without validating it points to a trusted GitHub API endpoint. If a job template uses a GitHub Personal Access Token as the webhook ...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:49 p.m.21 views

CVE-2026-12726 Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS0.00204EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:49 p.m.4 views

CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/19 6:44 p.m.9 views

CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References3
Circl
Circl
added 2025/10/02 12:32 p.m.1 views

GHSA-P8HW-RFJG-689H

creationtimestamp| type| source ---|---|--- 2025-10-02 12:32:45+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115304586574138947...

5.8AI score
Exploits0References1
Rows per page
Query Builder