CVE-2026-12382
Red Hat · Red Hat Ansible Automation Platform
A flaw in the Red Hat Ansible Automation Platform Gateway Envoy proxy configuration allows for authentication bypass through spoofing.
Executive summary
A critical authentication bypass vulnerability in the Red Hat Ansible Automation Platform Gateway proxy allows unauthenticated attackers to spoof identity, potentially leading to unauthorized system control.
Vulnerability
This is an authentication bypass vulnerability (CWE-290) located in the Envoy proxy configuration of the AAP Gateway. The issue allows remote, unauthenticated attackers to bypass authentication mechanisms by spoofing requests.
Business impact
Successful exploitation allows an attacker to bypass authentication, which could lead to full unauthorized access to the automation platform. With a CVSS score of 8.2, this poses a high risk to the integrity of automated workflows and the security of managed infrastructure across the enterprise.
Remediation
Immediate Action: Apply the vendor-provided security errata (RHSA-2026:13508 or RHSA-2026:13545) immediately to update the AAP Gateway components.
Proactive Monitoring: Monitor proxy logs for unusual traffic patterns or requests that originate from unexpected sources or bypass standard authentication headers.
Compensating Controls: Ensure that the AAP Gateway is not exposed to the public internet and utilize network segmentation to limit access to the management interface.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Given the high impact on integrity and the critical nature of automation platforms, organizations must treat this update with high priority. Apply the provided Red Hat errata as soon as possible to ensure the integrity of your automation environment.