CVE-2026-11837

7.3 HIGH

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CVSS: 7.3 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-59

Description

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-50511 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
CVE-2026-44275 — Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vuln... (6.3 MEDIUM)
CVE-2026-45586 — Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attack... (7.8 HIGH)
CVE-2026-45491 — Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally (6.2 MEDIUM)
CVE-2026-42989 — Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally (7.8 HIGH)