securityonline.info 6/26/2026, 1:08:23 AM · external

Red Hat Ansible flaw leaks credentials via websocket API

CyberSIXT Evidence Panel
Primary Source: access.redhat.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

An alert has been issued regarding a critical vulnerability in the Red Hat Ansible Automation Platform, identified as CVE-2026-11807, which has a CVSS score of 9.6. The flaw allows unauthorized credential access through a websocket API due to missing authorization checks. It affects versions 2.5 and 2.6 of the platform, enabling authenticated users to disclose sensitive information like OAuth tokens and SSH keys without proper permissions.

Red Hat has provided patches, and users are advised to update their software immediately to mitigate the risk. There are currently no reports of active exploitation.


Article by CyberSIXT