๐Ÿ” CVE Alert

CVE-2026-12382

HIGH 8.2

Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams.

CWE CWE-290
Vendor red hat
Product red hat ansible automation platform 2.6 for rhel 9
Published Jul 15, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat ansible automation platform 2.6 for rhel 9

Be the first to know when new high vulnerabilities affecting red hat red hat ansible automation platform 2.6 for rhel 9 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Affected Versions

Red Hat / Red Hat Ansible Automation Platform 2.6 for RHEL 9
All versions affected
Red Hat / Red Hat Ansible Automation Platform 2
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13508 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-12382 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2489126

Credits

This issue was discovered by Chris Meyers (Red Hat).