CVE Catalog

CVE-2026-52902

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using 'awx --conf.format yaml import'.

Risk Assessment

This vulnerability poses a risk that a malicious YAML file could be imported by a user, leading to unauthorized access to data on the local filesystem.

Recommendation

It is recommended that users avoid importing YAML files from untrusted sources and update awxkit to the latest version that addresses this vulnerability.

Original NVD description (English source)

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.format yaml import". This is a client-side vulnerability requiring user interaction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS