
CVE-2026-12726 — Awx: automation-controller: awx: GitHub webhook second-order SSRF via unvalidated statuses_url exfiltrates PAT credential

CVSS 6.3 · Medium

Affected Version Matrix

Vendor  | Product                                 | Version Range | Status
Red Hat | Red Hat Ansible Automation Platform 2   | any           | affected

I. Basic Information for CVE-2026-12726

Vulnerability Information


Vulnerability Title
Awx: automation-controller: awx: GitHub webhook second-order SSRF via unvalidated statuses_url exfiltrates PAT credential
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token (PAT) as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template's webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Server-Side Request Forgery (SSRF)
Source: NVD (National Vulnerability Database)
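The description above names the missing check: the stored statuses_url is used as a callback target without confirming it points at a trusted GitHub API host. The following is an added illustration of that check, written for this page and not taken from the AWX project; it assumes a hypothetical allowlist of API hostnames (the GHES entry is a placeholder) and models the status callback as a request plan rather than performing network I/O. Because the flaw is second-order (the value is stored at webhook time and used later), the same validator is applied both when the payload is ingested and immediately before the callback is sent.

```python
from urllib.parse import urlsplit

# Hostnames of GitHub API endpoints this controller trusts. The second entry is
# a placeholder for a GitHub Enterprise Server host; a real deployment would
# take this list from configuration rather than hard-coding it.
TRUSTED_API_HOSTS = frozenset({"api.github.com", "ghes.example.internal"})


def is_trusted_statuses_url(url, trusted_hosts=TRUSTED_API_HOSTS):
    """Return True only if url is an https URL on a trusted GitHub API host
    with a /repos/ path, no userinfo, no non-default port, no query/fragment."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # "https://api.github.com@attacker.example/..." puts the trusted name in the
    # userinfo component; the real host is what follows the '@'.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    if host is None or host.lower() not in trusted_hosts:
        return False
    try:
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    if parts.query or parts.fragment:
        return False
    return parts.path.startswith("/repos/")


def extract_statuses_url(payload, trusted_hosts=TRUSTED_API_HOSTS):
    """Ingestion-time check: return the statuses_url to store, or None to
    refuse storing an untrusted callback target."""
    pr = payload.get("pull_request")
    url = pr.get("statuses_url") if isinstance(pr, dict) else None
    if not isinstance(url, str) or not is_trusted_statuses_url(url, trusted_hosts):
        return None
    return url


def plan_status_callback(stored_url, token, state, trusted_hosts=TRUSTED_API_HOSTS):
    """Callback-time check: build the status POST only if the stored URL is
    still trusted. Returns the request as a dict; no network call is made."""
    if not is_trusted_statuses_url(stored_url, trusted_hosts):
        return None
    return {
        "method": "POST",
        "url": stored_url,
        "headers": {"Authorization": f"token {token}"},
        "json": {"state": state},
    }


# Constructed sample payloads (not real webhook captures).
GENUINE_PAYLOAD = {
    "action": "opened",
    "pull_request": {
        "statuses_url": "https://api.github.com/repos/org/repo/statuses/0123abcd",
    },
}
FORGED_PAYLOAD = {
    "action": "opened",
    "pull_request": {
        "statuses_url": "https://api.github.com@attacker.example/repos/org/repo/statuses/0123abcd",
    },
}

if __name__ == "__main__":
    for name, payload in (("genuine", GENUINE_PAYLOAD), ("forged", FORGED_PAYLOAD)):
        stored = extract_statuses_url(payload)
        print(name, "->", "stored" if stored else "rejected at ingestion")
        if stored:
            print("  callback plan:", plan_status_callback(stored, "ghp_placeholder", "pending"))
```

The host comparison is an exact allowlist match, not a suffix or substring test, so lookalike hosts such as api.github.com.attacker.example are rejected along with scheme downgrades, alternate ports and userinfo tricks. Logging the rejected URL (without the token) at both checkpoints gives a useful detection signal for forged webhooks.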

Affected Products

Vendor  | Product                                 | Affected Versions | CPE
Red Hat | Red Hat Ansible Automation Platform 2   | -                 | cpe:/a:redhat:ansible_automation_platform:2

II. Public POCs for CVE-2026-12726

No public POC found.

III. Intelligence Information for CVE-2026-12726


Vendor Advisories for CVE-2026-12726 (1)

Other References for CVE-2026-12726 (1)

Same Patch Batch · Red Hat · 2026-06-19 · 6 CVEs total

CVE-2026-56208 · 7.6 HIGH · Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode
CVE-2026-56211 · 7.1 HIGH · Libaom: libaom: remote code execution via svc layer context handling with attacker-control
CVE-2026-56210 · 7.1 HIGH · Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id
CVE-2026-56209 · 7.1 HIGH · Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map p
CVE-2026-12706 · 6.5 MEDIUM · Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()

IV. Related Vulnerabilities

V. Comments for CVE-2026-12726

No comments yet