{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6494", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-17T08:07:26.403Z", "datePublished": "2026-04-17T08:18:50.757Z", "dateUpdated": "2026-04-17T08:18:50.757Z"}, "containers": {"cna": {"title": "Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-automation-platform-tech-preview/mcp-server-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ansible_automation_platform:2"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6494", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459131", "name": "RHBZ#2459131", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "Improper Output Neutralization for Logs", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs", "timeline": [{"lang": "en", "time": "2026-04-17T07:28:43.935Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-17T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Melissa Ing, Oleg Sushchenko, Jon Weiser (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-17T08:18:50.757Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs."}], "id": "CVE-2026-6494", "lastModified": "2026-04-17T15:07:18.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-17T09:16:05.600", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6494"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459131"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Melissa Ing, Oleg Sushchenko, Jon Weiser (Red Hat).", "bugzilla": {"description": "aap-mcp-server: AAP MCP server: Log injection allows social engineering attacks via unsanitized input", "id": "2459131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459131"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-117", "details": ["A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs."], "name": "CVE-2026-6494", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-tech-preview/mcp-server-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2026-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6494\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6494"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-17T10:50:56.456291+00:00", "value": {"mitigation_remediation": ["Update Red\u00a0Hat Ansible Automation Platform to the latest version that includes the log\u2011sanitization fix.", "Implement input validation to strip or escape control characters before logging the toolsetroute parameter, or disable logging of that parameter if possible.", "Continuously monitor application logs for unexpected control characters or inserted entries that may indicate an active log\u2011injection attempt."], "summary": {"action": "Apply Patch", "impact": "Log Injection Social Engineering"}, "threat_synthesis": {"affected_systems": "Red\u00a0Hat Ansible Automation Platform\u202f2 is affected; no specific version numbers were provided.", "description_and_impact": "A flaw in the AAP MCP Server allows an unauthenticated remote attacker to send crafted input to a specific parameter that is logged without proper sanitization. This log injection can insert newlines and ANSI escape sequences, obscuring legitimate log entries and inserting forged ones. The resulting confusion can lead an operator to execute inappropriate commands or follow malicious URLs, effectively enabling social engineering attacks. The weakness corresponds to improper output handling (CWE\u2011117).", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.3, indicating moderate severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. The attack requires no authentication and relies solely on sending malicious input to the toolsetroute parameter from a remote host, making the risk moderate but realistic. Current public exploitation evidence is lacking, but the potential for social engineering through log manipulation warrants timely remediation."}}}}, "created": "2026-04-17T11:00:13.713253+00:00", "updated": "2026-04-17T11:00:13.713263+00:00", "vendors": []}