Introduction
A missing two character delimiter in a git clone command invocation within ansible-core opens the door to arbitrary code execution on any machine that installs a malicious Ansible Galaxy role. CVE-2026-11332, scored at CVSS 7.8 (High) and rated "Important" by Red Hat, turns the routine ansible-galaxy role install workflow into a supply chain attack vector where a crafted meta/requirements.yml file can inject arbitrary git configuration flags.
With approximately 110 verified companies using Red Hat Ansible Automation Platform across industries and geographies, and the broader network automation market projected to reach $50.5 billion by 2035, the potential blast radius of this vulnerability spans enterprise IT automation environments globally.
Technical Information
Root Cause: Missing End of Options Delimiter
CVE-2026-11332 is classified under CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'). As defined by MITRE, this weakness occurs when a product constructs a string for a command to be executed by a separate component but does not properly delimit the intended arguments, options, or switches within that command string. This is distinct from OS command injection (CWE-78) because argument injection introduces new options or switches to an existing command rather than injecting entirely new commands.
The flaw resides in ansible-core's ansible-galaxy role install command. When a user installs a role, the command processes dependency specifications from the role's meta/requirements.yml file. The src and name fields from these dependency entries are passed directly as arguments to git clone via Python's Popen without a -- separator to delimit command options from positional arguments. The absence of the -- end of options delimiter means that any content in the src field that begins with a dash (-) will be interpreted as a git command line flag rather than as a repository URL.
The -- separator is a standard POSIX convention that signals the end of command line options, ensuring that all subsequent arguments are treated as positional parameters rather than flags. Its omission is the entire root cause.
Attack Flow
The attack proceeds through the following steps:
-
Malicious Role Creation: An attacker crafts an Ansible role and publishes it to Ansible Galaxy or hosts it in a git repository. The role contains a
meta/requirements.ymlfile with a poisonedsrcfield. -
Dependency Specification Poisoning: The
srcfield contains a git configuration flag such as-ccore.sshCommand=sh -c "malicious_command", while thenamefield provides a valid repository URL. Thecore.sshCommandgit configuration option is particularly dangerous because it allows specifying an arbitrary command to be executed instead of the default SSH binary. -
Victim Installation: A victim runs
ansible-galaxy role installto install the malicious role directly, or installs any role that transitively depends on the malicious role through its ownmeta/requirements.ymldependency chain. -
Flag Injection During git clone: When ansible-core processes the dependency, it constructs a
git clonecommand viaPopen. Because no--separator exists between the flags and positional arguments, the injected-ccore.sshCommandcontent is interpreted by git as a legitimate configuration option. -
Arbitrary Code Execution: The injected
core.sshCommandvalue causes git to execute the attacker specified command with the privileges of the ansible process, achieving full arbitrary code execution on the victim's machine.
Exploitation Prerequisites
The attack vector is network based, as the malicious role is distributed via Ansible Galaxy or a git repository. No authentication is needed to publish a role, but user interaction is required: the victim must run ansible-galaxy role install on a role containing the malicious dependency. The attack complexity is considered high because it requires crafting a role with specific meta/requirements.yml content and convincing a user to install it, or positioning the malicious role as a transitive dependency of a popular role.
Despite the social engineering requirement, the impact upon successful exploitation is total system compromise: high confidentiality, integrity, and availability impact through arbitrary code execution.
Supply Chain Amplification
The supply chain dimension of this vulnerability is significant. A single compromised role that gains popularity on Ansible Galaxy could affect thousands of downstream users through transitive dependencies. Organizations that routinely install community roles as part of their automation workflows face the highest risk, as the malicious payload would execute automatically during the dependency resolution phase of role installation.
Historical Precedent
This class of vulnerability is well documented. CVE-2022-36069 affected a Python based dependency management tool where git command construction allowed injection of optional arguments beginning with a dash (CWE-88). CVE-2016-10033 demonstrated argument injection in a mail processing function that allowed writing unexpected files and executing programs using technically valid email addresses that inserted -o and -X switches. These precedents confirm that argument injection via missing -- delimiters is a repeatable and well understood attack pattern, increasing the likelihood that CVE-2026-11332 will be weaponized.
Affected Systems and Versions
The vulnerability affects ansible-core, specifically the ansible-galaxy role install command's processing of meta/requirements.yml dependency specifications. As of the disclosure date (2026-06-05), the Bugzilla entry (bug 2485379) lists the "Fixed In Version" field as blank and the bug status as NEW, indicating that no patched version has been formally released.
Red Hat has issued security advisory RHSA-2026:11332 related to this CVE. Additionally, RHSA-2026:13508 addresses security vulnerabilities in Red Hat Ansible Automation Platform 2.6. A Tenable plugin (Nessus ID 315971) has been published for Fedora 45 covering ansible and ansible-core.
Organizations should monitor Red Hat advisory channels and the ansible-core release schedule for the next Z release (which follows a 4 week patch cadence) that incorporates the fix.
Vendor Security History
Red Hat maintains a dedicated vulnerability management process for Ansible Automation Platform, documented in their official blog on assessing Ansible vulnerabilities. The company publishes a comprehensive Ansible Automation Platform CVEs Addressed Report tracking all security vulnerabilities across the platform. Red Hat's security response process is coordinated through [email protected] and tracked via Bugzilla entries with assigned severity ratings.
Red Hat has previously issued security advisories for Ansible related vulnerabilities, including RHSA-2026:13508, which addressed security vulnerabilities in Ansible Automation Platform 2.6 with a CRITICAL severity rating per third party vulnerability intelligence. The ansible-core project follows a regular 4 week patch cadence for security fixes, demonstrating a structured approach to vulnerability response.
The broader pattern of CWE-88 vulnerabilities in dependency management tooling (CVE-2022-36069 in a Python dependency manager, CVE-2016-10033 in mail processing) suggests this is a systemic issue in software that constructs subprocess commands from user controlled input, not a problem unique to Ansible's development practices.
References
- NVD Entry for CVE-2026-11332
- Red Hat CVE Page for CVE-2026-11332
- Red Hat Bugzilla Bug 2485379
- Ansible GitHub Repository
- RHSA-2026:11332 Security Advisory
- RHSA-2026:13508 Security Advisory
- CWE-88: Improper Neutralization of Argument Delimiters
- SonarSource: Argument Injection Explained
- CWE-141: Improper Neutralization of Parameter/Argument Delimiters
- Ansible Automation Platform CVEs Addressed Report
- Assessing Red Hat Ansible Automation Platform Vulnerabilities
- Ansible Releases and Maintenance Documentation
- Tenable Nessus Plugin 315971 for Fedora 45
- CISA Known Exploited Vulnerabilities Catalog
- Mondoo Vulnerability Intelligence: RHSA-2026:13508



