CVE-2026-12382

Red Hat · Red Hat Ansible Automation Platform

A flaw in the Red Hat Ansible Automation Platform Gateway Envoy proxy configuration allows for authentication bypass through spoofing.

Executive summary

A critical authentication bypass vulnerability in the Red Hat Ansible Automation Platform Gateway proxy allows unauthenticated attackers to spoof identity, potentially leading to unauthorized system control.

Vulnerability

This is an authentication bypass vulnerability (CWE-290) located in the Envoy proxy configuration of the AAP Gateway. The issue allows remote, unauthenticated attackers to bypass authentication mechanisms by spoofing requests.

Business impact

Successful exploitation allows an attacker to bypass authentication, which could lead to full unauthorized access to the automation platform. With a CVSS score of 8.2, this poses a high risk to the integrity of automated workflows and the security of managed infrastructure across the enterprise.

Remediation

Immediate Action: Apply the vendor-provided security errata (RHSA-2026:13508 or RHSA-2026:13545) immediately to update the AAP Gateway components.

Proactive Monitoring: Monitor proxy logs for unusual traffic patterns or requests that originate from unexpected sources or bypass standard authentication headers.

Compensating Controls: Ensure that the AAP Gateway is not exposed to the public internet and utilize network segmentation to limit access to the management interface.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Given the high impact on integrity and the critical nature of automation platforms, organizations must treat this update with high priority. Apply the provided Red Hat errata as soon as possible to ensure the integrity of your automation environment.