CVE-2026-52902

Published: Giu 09, 2026 Last Modified: Giu 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,7

Source: [email protected]

Attack Vector: local

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using 'awx --conf.format yaml import'. This is a client-side vulnerability requiring user interaction.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0001

Percentile

0,0th

Updated

EPSS Score Trend (Last 6 Days)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://access.redhat.com/security/cve/CVE-2026-52902

https://bugzilla.redhat.com/show_bug.cgi?id=2486729

CVE-2026-52902

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 6 Days)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter