CVE-2026-12398
Description
Command injection in galaxy_ng legacy role import API (GALAXY_ENABLE_LEGACY_ROLES=True) allows RCE via malicious git ref names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A command injection vulnerability exists in the legacy (v1) role import API of galaxy_ng. The do_git_checkout() function takes git ref names (branch or tag names) from the repository being imported and interpolates them, unsanitized, into a command string that is executed with subprocess.run() and shell=True [1]. Because the shell parses that string, a branch or tag whose name contains shell metacharacters terminates the intended git command and runs whatever follows it as a separate command. The endpoint is reachable only when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration [2]. The affected product is galaxy_ng as shipped in Red Hat Ansible Automation Platform (Automation Hub); the available references do not disclose a specific affected version range, and no fixed version is identified.
Exploitation
An authenticated user who can submit a role import through the legacy v1 API, and who controls the git repository being imported, creates a branch or tag whose name contains shell metacharacters, for example a name such as "; malicious_command ;". When the import task checks out that reference, the unsanitized name reaches the shell and the embedded command executes on the pulp worker that runs the task. No user interaction beyond the import request is required. The prerequisites are network access to the galaxy_ng API and credentials permitted to import roles via the v1 API [2]; the import itself is processed by the pulp worker, which is where the command runs.
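The following is an added example, not galaxy_ng code: it reproduces the shell=True interpolation pattern the Vulnerability and Exploitation sections describe, beside an argv-based replacement. The function names, the allow-list regex and the hostile branch name are assumptions constructed for illustration. Note that git's own ref-name rules (git check-ref-format) permit characters such as ";" and "$", so validating a name against git's rules alone would not block the payload; the fix that matters is to stop handing the name to a shell at all, with the allow-list as defense in depth.

```python
"""Added example: the unsafe shell=True checkout pattern the advisory
describes, beside an argv-based replacement.  Illustrative code, not
galaxy_ng's own; function names and the allow-list are assumptions."""
import re
import subprocess
import tempfile

# Conservative allow-list for ref names we are willing to check out.  git's
# own rules permit ';', '$', '|' and similar, which is exactly why a hostile
# branch name reaches the shell intact, so this list is deliberately stricter
# than git.  (Assumed policy, not galaxy_ng's.)
_SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$")


def is_safe_ref_name(ref: str) -> bool:
    """Return True only for refs made of a strict, shell-neutral charset."""
    if not _SAFE_REF.fullmatch(ref):
        return False
    # Reject forms git treats specially even within that charset.
    return ".." not in ref and not ref.endswith((".", "/", ".lock"))


def vulnerable_checkout(ref: str, cwd: str) -> subprocess.CompletedProcess:
    """The pattern described in the advisory: the ref name is interpolated
    into a single command string that /bin/sh parses, so ';' ends the git
    command and whatever follows runs as its own command."""
    cmd = f"git checkout {ref}"  # untrusted ref spliced into shell text
    return subprocess.run(cmd, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def hardened_checkout_argv(ref: str) -> list[str]:
    """Build the argv for a safe checkout: no shell, an explicit '--' so a ref
    beginning with '-' cannot be read as an option, plus the allow-list."""
    if not is_safe_ref_name(ref):
        raise ValueError(f"refusing to check out suspicious ref: {ref!r}")
    return ["git", "checkout", "--", ref]


def hardened_checkout(ref: str, cwd: str) -> subprocess.CompletedProcess:
    """Run the argv form.  With shell=False every byte of `ref` is a single
    argv element, so metacharacters are passed to git literally."""
    return subprocess.run(hardened_checkout_argv(ref), cwd=cwd,
                          capture_output=True, text=True)


def demo_injection(ref: str) -> str:
    """Run the vulnerable form in an empty temp dir (so git has nothing to
    touch) and return stdout.  git itself fails on stderr because the
    directory is not a repository; the injected command still runs."""
    with tempfile.TemporaryDirectory() as tmp:
        return vulnerable_checkout(ref, tmp).stdout


if __name__ == "__main__":
    # Constructed hostile branch name: legal to git, fatal with shell=True.
    evil = "main; echo INJECTED"
    print("vulnerable stdout:", demo_injection(evil).strip())
    try:
        hardened_checkout_argv(evil)
    except ValueError as err:
        print("hardened:", err)
    print("hardened argv for a normal ref:", hardened_checkout_argv("release/1.2"))
```

Running the block prints INJECTED from the vulnerable path even though no repository exists, and shows the hardened path refusing the same name before any process is started. The "--" separator in the argv form is there because argument-list execution alone does not stop a ref named like an option (for example one starting with "-") from being parsed as one by git.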
Impact
Successful exploitation gives the attacker remote code execution on the pulp worker that processes import tasks, with that worker's privileges. From there the attacker can read secrets the worker can reach, modify role content served by Automation Hub, exfiltrate data, and move laterally within the surrounding infrastructure. Confidentiality, integrity and availability are all affected [1].
Mitigation
As of the publication date (2026-06-16), no official patch has been released; Red Hat's tracking lists the bug in NEW status [2]. The primary mitigation is to leave GALAXY_ENABLE_LEGACY_ROLES at its default of False, which disables the vulnerable endpoint entirely. If legacy roles are required, restrict access to the v1 import API to trusted users by network policy and authorization controls. Note that the injected payload is the ref name inside the imported repository, so anyone who can create a branch or tag in a repository that a trusted user imports can supply it; limit imports to repositories whose refs are controlled by trusted parties. Monitor Red Hat's advisories for a permanent fix [1].
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. The mechanics section is generated only when the actual fix diff can be read; without it, the four subsections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.