CVE-2026-6266

HIGH

Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

Title source: cna
STIX 2.1

Description

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a victim's account or gain unauthorized access to other accounts, including administrative accounts, by manipulating the IDP-provided email.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:13508
https://access.redhat.com/errata/RHSA-2026:13508
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:13512
https://access.redhat.com/errata/RHSA-2026:13512
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:13545
https://access.redhat.com/errata/RHSA-2026:13545
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-6266
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2458142
https://bugzilla.redhat.com/show_bug.cgi?id=2458142

Scores

CVSS v3 8.3
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-305
Status published
Products (8)
Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:2.5.20260422-2.el8ap
Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:4.6.28-3.el8ap
Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:2.5.20260422-2.el9ap
Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:4.6.28-3.el9ap
Red Hat/Red Hat Ansible Automation Platform 2.6 1777311120
Red Hat/Red Hat Ansible Automation Platform 2.6 1777377014
Red Hat/Red Hat Ansible Automation Platform 2.6 for RHEL 9 0:2.6.20260422-1.el9ap
Red Hat/Red Hat Ansible Automation Platform 2.6 for RHEL 9 0:4.7.11-2.el9ap
Published May 04, 2026
Tracked Since May 04, 2026