A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.