CVE-2026-11332: Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.
Security readout for executives and security teams
Plain-English summary
Installing an untrusted Ansible role can silently run attacker code on the machine doing the install. The role's metadata can smuggle extra options into git, turning a routine "download this role" step into arbitrary command execution. Anyone who runs ansible-galaxy role install against a malicious or tampered role is at risk, including automation build hosts and engineer laptops.
Executive priority
Treat as a high-priority patch cycle for teams that use Ansible Automation Platform or ansible-galaxy in build pipelines. Not an internet-facing zero-day, but a realistic supply-chain path into automation infrastructure, which typically holds broad credentials. Schedule remediation in the next standard maintenance window and restrict external role installs in the interim.
Technical view
A CWE-88 argument injection flaw exists in ansible-core's ansible-galaxy role install. Dependency entries from a role's meta/requirements.yml are passed to git without properly neutralizing argument delimiters in the src field, letting a hostile role author inject arbitrary git configuration flags. Those flags can trigger code execution during clone, yielding local code execution under the installing user's identity. CVSS 3.1 is 7.8 (AV:L/AC:L/PR:N/UI:R).
Likely exposure
Any host that runs ansible-galaxy role install against community or third-party roles: developer workstations, CI/CD build agents, controller nodes, and Ansible Automation Platform components (execution environments, hub, controller, EDA, lightspeed, gateway) flagged as affected by Red Hat. Migration Toolkit, ACM, and OpenShift Service Mesh operator images are also under investigation per the Red Hat advisory.
Exploitation context
Not listed in CISA KEV and no public exploitation is cited in the bundle. Attack requires the victim to install a role controlled or influenced by the attacker (UI:R), so exposure hinges on trust in role sources and dependency pipelines. Because supply-chain-style abuse of Galaxy content is plausible, treat any automation host that pulls external roles as at risk until patched.
Researcher notes
CWE-88 argument injection through the src field of meta/requirements.yml means the git command line built by ansible-galaxy accepts attacker-supplied flags. Focus review on how role dependency specs are tokenized and passed to subprocess/git invocations. Red Hat lists many AAP 2.6 components as "affected" and several MTA/MTV/ACM/Service Mesh operator bundles as "unknown," so the CSAF VEX is the authoritative per-product status. KEV flag is false as of 2026-07-10.
Mitigation direction
Apply Red Hat ansible-core updates once released for AAP 2.4/2.5/2.6 and affected operator images.
Restrict ansible-galaxy role install to vetted, internally mirrored role sources only.
Block or proxy outbound Galaxy pulls from CI runners and controller nodes until patched.
Run role installs as low-privilege users in isolated execution environments, not as root.
Review meta/requirements.yml files in existing roles for suspicious src values containing option-like syntax.
Track the Red Hat CSAF/VEX feed for per-product fixed versions and errata.
Validation and detection
Inventory hosts running ansible-core and identify those that execute ansible-galaxy role install.
Cross-reference installed AAP components against Red Hat's affected package list in the advisory.
Check package versions of ansible-core on controllers, execution environments, and developer images.
Audit CI/CD jobs and playbooks for calls to ansible-galaxy role install with external sources.
Consult Red Hat's CSAF VEX document for definitive fixed-version and 'not affected' status per product.
Confirm remediation by verifying upgraded ansible-core versions after Red Hat publishes errata.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-88: Command execution behavior lookup
Command injection weaknesses can lead defenders to review execution techniques and command interpreter telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
7Timeline events
2ADP providers
5Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-88 · source CWE mapping
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.