CVE-2026-0598— Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0598
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access or influence conversations owned by other users. This exposes sensitive conversation data and allows unauthorized manipulation of AI-generated outputs.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经验证的属主
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Ansible Automation Platform 2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Ansible Automation Platform 2是美国红帽(Red Hat)公司的一款构建、部署和管理自动化的软件。 Red Hat Ansible Automation Platform 2存在安全漏洞,该漏洞源于处理AI聊天交互的对话端点未正确验证会话标识符是否属于发出请求的已认证用户,可能导致拥有有效凭据的攻击者访问或影响其他用户的对话,从而暴露敏感数据或进行未授权操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.6 | 1777387242 ~ * | cpe:/a:redhat:ansible_automation_platform:2.6::el9 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 | |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 |
II. Public POCs for CVE-2026-0598
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0598
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-283
- CVE-2026-40337
Sentry kernel has incomplete ownership check for IRQ line ma - CVE-2026-29788
TSPortal: Anyone can forge self-deletion requests of any use - CVE-2026-27486
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL - CVE-2025-12815
Amazon Web Services Research and Engineering Studio 安全漏洞 - CVE-2025-36091
IBM Business Automation Insights unverified ownership
V. Comments for CVE-2026-0598
No comments yet