CVE-2026-11837EPSS p2.6%

CVE-2026-11837CVE-2026-11837

Description

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.

Scoring

CVSS 7.3 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS0.13% probability of exploitation · percentile 2.6% · 2026-06-19T12:03:05Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-11332
CVE
CVE-2025-25269
CVE
CVE-2025-5689
CVE
CVE-2025-49520
CVE
CVE-2026-1185
CVE
CVE-2026-39832
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.