Trust Center
FedRamp YAY
FedRamp YAY
We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.
- Does Company give employees time off to vote?
- Which third-party AI/ML providers does your product use?
This is a new update
Tsest
CVE-2026-52902: awxkit Path Traversal Vulnerability
CVE-2026-52902 — Not Affected
Published: June 9, 2026
Severity: Medium (CVSS v3: 4.7)
Summary
A path traversal vulnerability (CVE-2026-52902) was disclosed in awxkit, the CLI tool for AWX — an open-source web-based interface for Ansible. The vulnerability allows a crafted YAML file using the !include directive to read arbitrary YAML-formatted files from the local filesystem when imported via awx --conf.format yaml import.
Our Status: Not Affected
We do not use AWX or awxkit anywhere in our infrastructure, products, or toolchain. This vulnerability is specific to the awxkit CLI tool and requires direct user interaction to trigger — it poses no risk to our systems or our customers' data.
Additional Details
- Attack vector: Local (client-side only)
- User interaction required: Yes
- Scope: Confidentiality impact only; no integrity or availability impact
- References: Red Hat Bugzilla #2486729 · Tenable CVE Entry
No action is required on the part of our customers. Please reach out to our security team at our Trust Center if you have any questions.
Matt's New Test Topic
Here's a new test update