Trust Center
23 NYCRR 500
AI Pact
BBB PRP
CBPR
CIS Controls 8.1
CISA: Secure-by-Design Pledge
CSA AI Trustworthy Pledge 2025
EU AI Act
FedRAMP 20x
GLBA- Global CBPR
- Global PRP
Gold Microsoft Partner
GovRAMP
GPA NRW
ISO/IEC 27001- ISO/IEC 27001 SoA
ISO/IEC 27001:2013- ISO/IEC 27001:2022
ISO/IEC 27017:2015
ISO/IEC 27018:2019
ISO/IEC 27701- ISO/IEC 27701:2019
JOSCAR
NIST 800-53 Rev. 5
OACIQ ESign
PCI DSS v4.0.1
SOC 2- SOC 2 Type 2
WCAG 2.2 AA
CCCS- CCCS - CSP ITS
Cloud Security Guidance
CPSTIC Prod High
FICAM
GDPR- NIST 800-207
MCA India
FedRamp YAY
FedRamp YAY
We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.
- Does Company give employees time off to vote?
- Which third-party AI/ML providers does your product use?
This is a new update
Tsest
CVE-2026-52902: awxkit Path Traversal Vulnerability
CVE-2026-52902 — Not Affected
Published: June 9, 2026
Severity: Medium (CVSS v3: 4.7)
Summary
A path traversal vulnerability (CVE-2026-52902) was disclosed in awxkit, the CLI tool for AWX — an open-source web-based interface for Ansible. The vulnerability allows a crafted YAML file using the !include directive to read arbitrary YAML-formatted files from the local filesystem when imported via awx --conf.format yaml import.
Our Status: Not Affected
We do not use AWX or awxkit anywhere in our infrastructure, products, or toolchain. This vulnerability is specific to the awxkit CLI tool and requires direct user interaction to trigger — it poses no risk to our systems or our customers' data.
Additional Details
- Attack vector: Local (client-side only)
- User interaction required: Yes
- Scope: Confidentiality impact only; no integrity or availability impact
- References: Red Hat Bugzilla #2486729 · Tenable CVE Entry
No action is required on the part of our customers. Please reach out to our security team at our Trust Center if you have any questions.
Matt's New Test Topic
Here's a new test update