CVE-2026-52902: awxkit Path Traversal Vulnerability
UnsafeBase Logo

Trust Center

background-image
Start your security review
ControlK

Overview

Welcome to UnsafeBase's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Test Wednesday 2

Our Trust Center has since moved, please visit our new page here.

Test Thursday

Compliance

23 NYCRR 500 Logo
23 NYCRR 500
AI Pact Logo
AI Pact
BBB PRP Logo
BBB PRP
CBPR Logo
CBPR
CIS Controls 8.1 Logo
CIS Controls 8.1
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
CSA AI Trustworthy Pledge 2025 Logo
CSA AI Trustworthy Pledge 2025
EU AI Act Logo
EU AI Act
FedRAMP 20x Logo
FedRAMP 20x
GLBA Logo
GLBA
Global CBPR Logo
Global CBPR
Global PRP Logo
Global PRP
Gold Microsoft Partner Logo
Gold Microsoft Partner
GovRAMP Logo
GovRAMP
GPA NRW Logo
GPA NRW
ISO/IEC 27001 Logo
ISO/IEC 27001
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
ISO/IEC 27001:2013 Logo
ISO/IEC 27001:2013
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
ISO/IEC 27017:2015 Logo
ISO/IEC 27017:2015
ISO/IEC 27018:2019 Logo
ISO/IEC 27018:2019
ISO/IEC 27701 Logo
ISO/IEC 27701
ISO/IEC 27701:2019 Logo
ISO/IEC 27701:2019
JOSCAR Logo
JOSCAR
NIST 800-53 Rev. 5 Logo
NIST 800-53 Rev. 5
OACIQ ESign Logo
OACIQ ESign
PCI DSS v4.0.1 Logo
PCI DSS v4.0.1
SOC 2 Logo
SOC 2
SOC 2 Type 2 Logo
SOC 2 Type 2
WCAG 2.2 AA Logo
WCAG 2.2 AA
CCCS Logo
CCCS
CCCS - CSP ITS Logo
CCCS - CSP ITS
Cloud Security Guidance Logo
Cloud Security Guidance
FICAM Logo
FICAM
GDPR Logo
GDPR
NIST 800-207 Logo
NIST 800-207
MCA India Logo
MCA India

Documents

COMPLIANCESOC 2 Type 2

icon

Product Security

icon

Risk Profile

icon

Data Security

icon

Reports

icon

App Security

icon

AI

icon

ESG

Legal

Data Privacy

Access Control

Other Products

Network Security

ESG

Policies

Security Grades

FedRamp YAY

We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.

icon

Custom Asset Management

Training

Knowledge Base (FAQ)
  • Does Company give employees time off to vote?
  • Which third-party AI/ML providers does your product use?
View more
Trust Center Updates

This is a new update

Copy link
Compliance

Tsest

CVE-2026-52902: awxkit Path Traversal Vulnerability

Copy link
Vulnerabilities

CVE-2026-52902 — Not Affected

Published: June 9, 2026
Severity: Medium (CVSS v3: 4.7)

Summary

A path traversal vulnerability (CVE-2026-52902) was disclosed in awxkit, the CLI tool for AWX — an open-source web-based interface for Ansible. The vulnerability allows a crafted YAML file using the !include directive to read arbitrary YAML-formatted files from the local filesystem when imported via awx --conf.format yaml import.

Our Status: Not Affected

We do not use AWX or awxkit anywhere in our infrastructure, products, or toolchain. This vulnerability is specific to the awxkit CLI tool and requires direct user interaction to trigger — it poses no risk to our systems or our customers' data.

Additional Details

No action is required on the part of our customers. Please reach out to our security team at our Trust Center if you have any questions.

Matt's New Test Topic

Copy link
General

Here's a new test update

If you need help using this Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue