PYSEC-2026-1123

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ansible-core/PYSEC-2026-1123.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1123
Aliases
Published
2026-07-07T14:34:44.267867Z
Modified
2026-07-07T17:46:19.571846953Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
  • 1.2 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P CVSS Calculator
Summary
Ansible-Core vulnerable to content protections bypass
Details

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

References

Affected packages

PyPI / ansible-core

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.16.14rc1
Introduced
2.17.0b1
Fixed
2.17.7rc1
Introduced
2.18.0b1
Fixed
2.18.1rc1

Affected versions

0.*
0.0.1a1
2.*
2.11.0b1
2.11.0b2
2.11.0b3
2.11.0b4
2.11.0rc1
2.11.0rc2
2.11.0
2.11.1rc1
2.11.1
2.11.2rc1
2.11.2
2.11.3rc1
2.11.3
2.11.4rc1
2.11.4
2.11.5rc1
2.11.5
2.11.6rc1
2.11.6
2.11.7rc1
2.11.7
2.11.8rc1
2.11.8
2.11.9rc1
2.11.9
2.11.10rc1
2.11.10
2.11.11rc1
2.11.11
2.11.12rc1
2.11.12
2.12.0b1
2.12.0b2
2.12.0rc1
2.12.0
2.12.1rc1
2.12.1
2.12.2rc1
2.12.2
2.12.3rc1
2.12.3
2.12.4rc1
2.12.4
2.12.5rc1
2.12.5
2.12.6rc1
2.12.6
2.12.7rc1
2.12.7
2.12.8rc1
2.12.8
2.12.9rc1
2.12.9
2.12.10rc1
2.12.10
2.13.0b0
2.13.0b1
2.13.0rc1
2.13.0
2.13.1rc1
2.13.1
2.13.2rc1
2.13.2
2.13.3rc1
2.13.3
2.13.4rc1
2.13.4
2.13.5rc1
2.13.5
2.13.6rc1
2.13.6
2.13.7rc1
2.13.7
2.13.8rc1
2.13.8
2.13.9rc1
2.13.9
2.13.10rc1
2.13.10
2.13.11rc1
2.13.11
2.13.12rc1
2.13.12
2.13.13rc1
2.13.13
2.14.0b1
2.14.0b2
2.14.0b3
2.14.0rc1
2.14.0rc1.post0
2.14.0rc2
2.14.0
2.14.1rc1
2.14.1
2.14.2rc1
2.14.2
2.14.3rc1
2.14.3
2.14.4rc1
2.14.4
2.14.5rc1
2.14.5
2.14.6rc1
2.14.6
2.14.7rc1
2.14.7
2.14.8rc1
2.14.8
2.14.9rc1
2.14.9
2.14.10rc1
2.14.10
2.14.11rc1
2.14.11
2.14.12rc1
2.14.12
2.14.13
2.14.14rc1
2.14.14
2.14.15rc1
2.14.15
2.14.16rc1
2.14.16
2.14.17rc1
2.14.17
2.14.18rc1
2.14.18
2.15.0b1
2.15.0b2
2.15.0b3
2.15.0rc1
2.15.0rc2
2.15.0
2.15.1rc1
2.15.1
2.15.2rc1
2.15.2
2.15.3rc1
2.15.3
2.15.4rc1
2.15.4
2.15.5rc1
2.15.5
2.15.6rc1
2.15.6
2.15.7rc1
2.15.7
2.15.8
2.15.9rc1
2.15.9
2.15.10rc1
2.15.10
2.15.11rc1
2.15.11
2.15.12rc1
2.15.12
2.15.13rc1
2.15.13
2.16.0b1
2.16.0b2
2.16.0rc1
2.16.0
2.16.1rc1
2.16.1
2.16.2
2.16.3rc1
2.16.3
2.16.4rc1
2.16.4
2.16.5rc1
2.16.5
2.16.6
2.16.7rc1
2.16.7
2.16.8rc1
2.16.8
2.16.9rc1
2.16.9
2.16.10rc1
2.16.10
2.16.11rc1
2.16.11
2.16.12rc1
2.16.12
2.16.13rc1
2.16.13
2.17.0b1
2.17.0rc1
2.17.0rc2
2.17.0
2.17.1rc1
2.17.1
2.17.2rc1
2.17.2rc2
2.17.2
2.17.3rc1
2.17.3
2.17.4rc1
2.17.4
2.17.5rc1
2.17.5
2.17.6rc1
2.17.6
2.18.0b1
2.18.0rc1
2.18.0rc2
2.18.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ansible-core/PYSEC-2026-1123.yaml"