Vulnerabilities ›

CVE-2026-11332

High

CWE-88 — Weakness Type

                    Published: Jun 5, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.

🤖 AI Executive Summary

A critical vulnerability in Ansible Galaxy allows arbitrary code execution through malicious role dependencies. Attackers can inject git configuration flags via the src field in meta/requirements.yml, enabling remote code execution when users install compromised roles. This poses significant risk to Saudi organizations using Ansible for infrastructure automation and configuration management.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 01:48

🇸🇦 Saudi Arabia Impact Assessment

High impact on Saudi government agencies (NCA, NCSC), financial institutions (SAMA-regulated banks), telecommunications (STC, Mobily), and energy sector (Saudi Aramco) that rely on Ansible for infrastructure automation. DevOps teams and system administrators are primary targets. Supply chain risk is significant as compromised roles can propagate through shared Ansible Galaxy repositories used across Saudi organizations.

🏢 Affected Saudi Sectors

Government (NCA, NCSC, Ministry of Interior) Banking and Financial Services (SAMA-regulated institutions) Telecommunications (STC, Mobily, Zain) Energy (Saudi Aramco, SEC) Healthcare (MOH, private hospitals) Critical Infrastructure Technology and IT Services

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1195 - Supply Chain Compromise T1195.001 - Compromise Software Dependencies T1059.006 - Command and Scripting Interpreter: Python T1059.007 - Command and Scripting Interpreter: JavaScript/TypeScript T1543 - Create or Modify System Process T1547 - Boot or Logon Autostart Execution

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Audit all Ansible Galaxy roles installed in your environment, particularly from untrusted or newly discovered sources

2. Review meta/requirements.yml files in all installed roles for suspicious src field values containing git flags (--config, --exec-path, etc.)

3. Restrict ansible-galaxy role install commands to trusted internal repositories only

4. Implement network segmentation to limit outbound git connections



COMPENSATING CONTROLS (until patch available):

5. Use Ansible execution environments with read-only filesystems where possible

6. Run ansible-galaxy commands in isolated containers with minimal privileges

7. Implement code review processes for all role dependencies before installation

8. Use git credential helpers instead of embedded credentials in role sources

9. Monitor git process execution for suspicious flags: grep -r "--config\|--exec-path\|--upload-pack" /etc/ansible/

10. Disable ansible-galaxy role install functionality where not essential; use pre-downloaded roles instead



DETECTION RULES:

- Monitor for ansible-galaxy processes with git configuration flag arguments

- Alert on unexpected child processes spawned from ansible-galaxy

- Log all role installations with source validation

- Implement file integrity monitoring on Ansible configuration directories

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع أدوار Ansible Galaxy المثبتة في بيئتك، خاصة من مصادر غير موثوقة أو مكتشفة حديثاً

2. مراجعة ملفات meta/requirements.yml في جميع الأدوار المثبتة للبحث عن قيم حقل src المريبة التي تحتوي على أعلام git

3. تقييد أوامر ansible-galaxy role install على المستودعات الداخلية الموثوقة فقط

4. تنفيذ تقسيم الشبكة لتحديد اتصالات git الصادرة



الضوابط التعويضية (حتى توفر التصحيح):

5. استخدام بيئات تنفيذ Ansible مع أنظمة ملفات للقراءة فقط حيث أمكن

6. تشغيل أوامر ansible-galaxy في حاويات معزولة بامتيازات محدودة

7. تنفيذ عمليات مراجعة الأكواد لجميع تبعيات الأدوار قبل التثبيت

8. استخدام مساعدات بيانات اعتماد git بدلاً من بيانات الاعتماد المضمنة

9. مراقبة تنفيذ عمليات git للبحث عن أعلام مريبة

10. تعطيل وظيفة ansible-galaxy role install حيث لا تكون ضرورية؛ استخدم الأدوار المحملة مسبقاً بدلاً من ذلك

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.8.1.1 - Asset Management ECC 2024 A.12.2.1 - Change Management ECC 2024 A.14.2.1 - Secure Development

🔵 SAMA CSF

ID.AM-2 - Software Inventory PR.AC-1 - Access Control PR.DS-6 - Data Security DE.CM-1 - Detection and Analysis

🟡 ISO 27001:2022

A.5.1.1 - Information Security Policies A.8.1.3 - Asset Inventory A.12.2.1 - Change Management A.14.2.1 - Secure Development Policy

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security Patches Requirement 6.3.2 - Code Review Requirement 11.3 - Penetration Testing

🔗 References & Sources 3

🔗

https://access.redhat.com/security/cve/CVE-2026-11332

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2485379

secalert@redhat.com

🔗

https://github.com/ansible/ansible

secalert@redhat.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-88

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-06-05

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-88

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-11332

Introduce Yourself

Sign In Required