CVE-2026-12382
Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams.
| CWE | CWE-290 |
| Vendor | red hat |
| Product | red hat ansible automation platform 2.6 for rhel 9 |
| Published | Jul 15, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat ansible automation platform 2.6 for rhel 9
Be the first to know when new high vulnerabilities affecting red hat red hat ansible automation platform 2.6 for rhel 9 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None
Affected Versions
Red Hat / Red Hat Ansible Automation Platform 2.6 for RHEL 9
All versions affected Red Hat / Red Hat Ansible Automation Platform 2
All versions affected References
Credits
This issue was discovered by Chris Meyers (Red Hat).