CVE-2026-0598
Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api
CVSS Score
4.2
EPSS Score
0.0%
EPSS Percentile
2th
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access or influence conversations owned by other users. This exposes sensitive conversation data and allows unauthorized manipulation of AI-generated outputs.
| CWE | CWE-283 |
| Vendor | red hat |
| Product | red hat ansible automation platform 2.6 |
| Published | Feb 6, 2026 |
| Last Updated | May 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat ansible automation platform 2.6
Be the first to know when new medium vulnerabilities affecting red hat red hat ansible automation platform 2.6 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Red Hat / Red Hat Ansible Automation Platform 2.6
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected References
Credits
Red Hat would like to thank Laura Pardo (RedHat) for reporting this issue.