QSearchQSearch

CVE-2021-3583

7.1 HIGH

A flaw was found in Ansible, where a user's controller is vulnerable to template injection

Published: 2021-09-22 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.1 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
CWE-20, CWE-94

Affected products

VendorProduct
redhatansible_automation_platform, ansible_engine, ansible_tower

Description

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-1767 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
  • CVE-2026-1766 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
  • CVE-2026-11793 A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11790 A flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11789 A flaw was found in 389 Directory Server (4.9 MEDIUM)

Same CWE

  • CVE-2026-24155 NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
  • CVE-2026-49774 Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
  • CVE-2026-48017 DbGate is cross-platform database manager (8.8 HIGH)
  • CVE-2026-48836 Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
  • CVE-2026-48124 Cursor is a code editor built for programming with AI