CVE-2026-11332: Ansible-Core Arbitrary Code Execution via Role Injection
A vulnerability in ansible-core allows attackers to execute arbitrary code on systems where users install malicious Ansible roles. The attack works by embedding hidden git commands in a role's dependency specification file. When a user runs the standard ansible-galaxy role install command to fetch a role, the injected git flags execute with the privileges of that user, potentially giving an attacker full control over the victim's machine.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-88
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-05 / 2026-07-13
NVD description (verbatim)
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.
6 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-11332 is an argument injection vulnerability (CWE-88) in ansible-core's ansible-galaxy role install functionality. The vulnerability exists in how the command processes dependency specifications from a role's meta/requirements.yml file. Specifically, the src field—which specifies the source repository for role dependencies—is not properly sanitized before being passed to git commands. A malicious role author can inject arbitrary git configuration flags (such as --upload-pack) through this field, leading to arbitrary command execution in the context of the user running ansible-galaxy. The CVSS 3.1 score of 7.8 reflects high severity due to local attack vector, low attack complexity, and impact on confidentiality, integrity, and availability.
Business impact
This vulnerability directly threatens organizations using Ansible for infrastructure automation and configuration management. The risk is particularly acute in environments where developers or operators regularly install third-party roles from Ansible Galaxy or internal repositories. An attacker can gain code execution with the privileges of the user running ansible-galaxy—potentially a developer workstation, CI/CD pipeline, or automation server. Successful exploitation could lead to theft of credentials stored in ~/.ssh or environment variables, injection of malicious playbooks into infrastructure-as-code repositories, lateral movement within the network, or sabotage of infrastructure configurations. The attack requires user interaction (installing a role) but no special privileges, making it feasible for widespread campaigns targeting Ansible users.
Affected systems
All versions of ansible-core prior to patched releases are affected. The vulnerability is triggered specifically through the ansible-galaxy role install command when processing roles with malicious dependency specifications. Any system where users install Ansible roles is potentially vulnerable, including developer workstations, CI/CD runners (Jenkins, GitLab CI, GitHub Actions), Ansible Automation Platform instances, and dedicated Ansible control nodes. The attack surface expands if users install roles from untrusted sources or if role repositories are compromised.
Exploitability
Exploitation requires crafting a malicious role with a specially formatted meta/requirements.yml file and either hosting it on a public/private repository or waiting for installation from a compromised source. Once the role is installed via ansible-galaxy role install, the injected git flags execute automatically—no additional user action is needed beyond the initial install command. While this is not a zero-interaction vulnerability (user must initiate the install), it is straightforward to exploit because: (1) the attack is transparent to the user, (2) no special system privileges are required, and (3) standard development workflows naturally include installing dependencies. The low attack complexity and lack of privilege escalation requirements make this a practical threat.
Remediation
Organizations must update ansible-core to a patched version that properly sanitizes the src field in role dependency specifications. After patching, conduct an audit of installed roles to identify any that may have been compromised or installed from untrusted sources. In the interim, restrict role installations to trusted internal repositories only, disable public Galaxy access if possible, and educate developers to review role meta/requirements.yml files before installation. Consider implementing code review processes for any custom or third-party roles before they are deployed in production automation.
Patch guidance
Verify the latest ansible-core release notes and security advisories from the Ansible project for patched versions addressing CVE-2026-11332. Apply patches across all systems running ansible-core, prioritizing CI/CD pipelines, Automation Platform instances, and shared control nodes. Test patched versions in a non-production environment to ensure compatibility with existing playbooks and roles. If in-place upgrades are not immediately feasible, apply compensating controls such as role repository whitelisting and review of existing role dependencies.
Detection guidance
Monitor ansible-galaxy and git command executions for unusual flags or malformed src field values in role meta files. Inspect meta/requirements.yml files across deployed roles for suspicious git configuration options. Review recent role installations and their sources—particularly those from public Galaxy, forks, or recently-modified repositories. Check for unexpected git processes spawned during ansible-galaxy role install runs. Endpoint detection and response (EDR) tools should flag unexpected child processes or command-line argument patterns that deviate from normal Ansible role installation patterns.
Why prioritize this
This vulnerability merits immediate prioritization due to its high CVSS score (7.8), practical exploitability, and presence in widely-used infrastructure automation tooling. The attack does not require elevated privileges, relies only on user interaction to install a role (a routine operation), and grants full code execution. Organizations relying on Ansible for configuration management face direct business continuity risk. The attack surface is broad because role installation is a standard development practice, and compromised or malicious roles could be injected into supply chains via public repositories or internal forks.
Risk score, explained
The CVSS 3.1 score of 7.8 (HIGH) reflects: Local attack vector (user's machine), Low attack complexity (straightforward injection), No privilege requirement (executes as the invoking user), User interaction required (installing a role), and high impact across confidentiality, integrity, and availability (arbitrary code execution). The score appropriately captures the severity—this is not a critical remote network vulnerability, but it is a high-risk local code execution flaw that affects a widely-used automation tool and requires minimal attacker sophistication.
Frequently asked questions
Can this vulnerability be exploited remotely or only locally?
The attack vector is local—the malicious code executes on the machine where ansible-galaxy role install is run. However, the initial trigger (installing a compromised role) can come from remote sources such as Ansible Galaxy, GitHub, or internal repositories. So while code execution is local, the attack can be orchestrated remotely by injecting a malicious role into a repository.
What is the difference between installing a role and running a playbook? Am I at risk if I only execute existing playbooks?
Installing a role and executing a playbook are distinct operations. This vulnerability is triggered during role installation (ansible-galaxy role install command), not during playbook execution. If you have already installed a set of roles and only run playbooks that use them, you are not directly vulnerable to this flaw. However, if your CI/CD pipeline or automation includes role installation steps, or if you regularly update existing roles, you remain at risk.
How do I check if a role I already installed is malicious?
Review the meta/requirements.yml file of each installed role. Look for src fields containing suspicious characters, unexpected git flags (like --upload-pack, --exec), or unusual URL encoding. If a role was installed from a public repository, check the repository's recent commit history for unexpected changes. Consider reinstalling roles from trusted sources only and comparing checksums or using git verify-commit if available. If you cannot audit all roles, prioritize those installed recently or from external sources.
Does this affect Ansible modules or only roles?
The vulnerability is specific to the ansible-galaxy role install command, which manages role dependencies. Standalone Ansible modules distributed via collections or imported directly into playbooks are not affected by this particular flaw. However, if a module is packaged within a role that uses malicious dependencies, the exploit could still execute during that role's installation.
This intelligence is provided for informational and defensive purposes. No exploit code or weaponized proof-of-concept is included. Patch version numbers and specific affected product lists should be verified against official vendor security advisories. Organization-specific risk assessment and testing in non-production environments are required before applying patches. SEC.co and its analysts bear no liability for damages arising from use or misuse of this intelligence. Source: NVD (public-domain), retrieved 2026-07-13. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2024-52011HIGHCommand Injection in launch-editor via Malicious Filenames on Windows
- CVE-2026-41013HIGHCloud Foundry Diego SMB Mount Input Validation Bypass (CVSS 8.1)
- CVE-2026-48116HIGHAnythingLLM Command Injection via Ripgrep Abuse
- CVE-2026-49373HIGHTeamCity Perforce RCE – Patch to 2026.1
- CVE-2018-25382HIGHZechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access
- CVE-2018-25383HIGHFree MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2018-25385HIGHUnauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10
- CVE-2018-25386HIGHSQL Injection in HaPe PKH 1.1 Admin Interface