Red Hat Ansible Lightspeed API Auth Bypass on Conversation IDs
CVE-2026-0598 Published on February 6, 2026

Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access or influence conversations owned by other users. This exposes sensitive conversation data and allows unauthorized manipulation of AI-generated outputs.

NVD

Vulnerability Analysis

CVE-2026-0598 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Timeline

2026-01-05

Reported to Red Hat.

2026-02-06

Made public. 32 days later.

Weakness Type

Unverified Ownership

The software does not properly verify that a critical resource is owned by the proper entity.

Products Associated with CVE-2026-0598

Want to know whenever a new CVE is published for Red Hat Ansible Automation Platform? stack.watch will email you.

Red Hat Ansible Automation Platform

Affected Versions

Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2:

Exploit Probability

EPSS

0.01%

Percentile

0.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Red Hat Ansible Lightspeed API Auth Bypass on Conversation IDsCVE-2026-0598 Published on February 6, 2026