CVE-2026-44188

medium Red Hat
CVSS v3 Base Score
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.4%
Exploitation probability in 30 days
Top 65% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: June 15, 2026 (24 days ago)
Last Modified: June 15, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data.

CWE

CWE-613

Affected Products

Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.7

Fix Status

✅ Fix Available

References