CVE-2026-52902 – Awxkit: path traversal via yaml !include directive

CVE ID :CVE-2026-52902

Published : June 9, 2026, 10:16 a.m. | 19 minutes ago

Description :A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using “awx –conf.format yaml import”. This is a client-side vulnerability requiring user interaction.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-46324 – netfilter: nf_tables: use list_del_rcu for netlink hooks

CVE-2026-46323 – net: gro: don’t merge zcopy skbs

CVE-2026-46322 – tun: free page on build_skb failure in tun_xdp_one()

CVE-2026-46321 – tun: free page on short-frame rejection in tun_xdp_one()