Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
CVE-2026-11837

7.3HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openstack Platform 17.1
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-11837?

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.

References

https://access.redhat.com/security/cve/CVE-2026-11837

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2487424

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 10, 2026

CVE-2026-11837 Data

JSON

Red Hat

What is CVE-2026-11837?

References

CVSS V3.1

Timeline