#1139917 ansible: CVE-2026-11837

Package:
src:ansible
Source:
src:ansible
Submitter:
Salvatore Bonaccorso
Date:
2026-06-13 11:53:02 UTC
Severity:
normal
Tags:
#1139917#5
Date:
2026-06-13 11:50:30 UTC
From:
To:
Hi,

The following vulnerability was published for ansible.

CVE-2026-11837[0]:
| A local privilege escalation vulnerability was found in the
| ansible.posix authorized_key module. The module's keyfile() function
| uses os.chown() instead of os.lchown() and opens files without
| O_NOFOLLOW when managing SSH authorized keys. An unprivileged local
| user can pre-stage symbolic links in their ~/.ssh directory to
| redirect file ownership changes to arbitrary system paths when an
| operator runs the authorized_key task as root, leading to local
| privilege escalation.

At time of writing this bugreport only the Red Hat reference was
known, so might you check with upstream?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-11837
https://www.cve.org/CVERecord?id=CVE-2026-11837
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2487424

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
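
Added example, not part of the report above and not the ansible.posix code or its fix: a Python sketch of the symlink-safe pattern the CVE description points to, opening with O_NOFOLLOW and changing ownership through the file descriptor (os.fchown) instead of through the path. The function names and the temporary directory layout in demo() are hypothetical and constructed for illustration; Linux semantics are assumed.

```python
import os
import stat
import tempfile

def open_keyfile_nofollow(ssh_dir, name="authorized_keys", mode=0o600):
    """Return an fd for ssh_dir/name, refusing a symlink at either hop."""
    # Fails with OSError if ssh_dir itself is a symlink.
    dfd = os.open(ssh_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        flags = os.O_RDWR | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW | os.O_CLOEXEC
        # Resolved relative to dfd, so the directory cannot be swapped in between.
        fd = os.open(name, flags, mode, dir_fd=dfd)
    finally:
        os.close(dfd)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise OSError(f"{name} is not a regular file")
    return fd

def set_keyfile_owner(ssh_dir, uid, gid, name="authorized_keys"):
    """Change owner and mode through the fd, never through the path."""
    fd = open_keyfile_nofollow(ssh_dir, name)
    try:
        os.fchown(fd, uid, gid)  # acts on the opened inode only
        os.fchmod(fd, 0o600)
    finally:
        os.close(fd)

def demo():
    """Constructed layout: one clean .ssh dir, one holding a pre-staged symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "clean_ssh")
        staged = os.path.join(root, "staged_ssh")
        target = os.path.join(root, "other_file")  # stands in for a system path
        os.mkdir(clean)
        os.mkdir(staged)
        open(target, "w").close()
        os.chmod(target, 0o644)
        os.symlink(target, os.path.join(staged, "authorized_keys"))
        set_keyfile_owner(clean, os.getuid(), os.getgid())
        keyfile = os.path.join(clean, "authorized_keys")
        results["clean_mode"] = stat.S_IMODE(os.stat(keyfile).st_mode)
        try:
            set_keyfile_owner(staged, os.getuid(), os.getgid())
            results["symlink_refused"] = False
        except OSError:
            results["symlink_refused"] = True
        results["target_mode"] = stat.S_IMODE(os.stat(target).st_mode)
    return results
```

Only the final two path components are guarded here; a caller running as root would also need to decide how much of the path above the .ssh directory it trusts.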