Improper Access Control in Ansible Lightspeed API by Red Hat
CVE-2026-0598

4.2MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 2
Vendor: CVE Published:; 6 February 2026

What is CVE-2026-0598?

A security flaw has been discovered in the Ansible Lightspeed API, specifically affecting its conversation endpoints that manage AI chat interactions. The vulnerability arises from insufficient validation of conversation identifiers, allowing an attacker with legitimate credentials to access or manipulate conversations that belong to other users. This oversight compromises the confidentiality of sensitive conversation data and potentially enables unauthorized alterations to AI-generated outputs, posing a significant risk to user privacy and data security.

References

https://access.redhat.com/security/cve/CVE-2026-0598

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2427094

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2026
Vulnerability Reserved
Jan 5, 2026

Credit

Red Hat would like to thank Laura Pardo (RedHat) for reporting this issue.

CVE-2026-0598 Data

JSON