CVE-2026-6494
Log Injection Vulnerability in AAP MCP Server Enables Log Forgery
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | aap_mcp_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a log injection flaw (CWE-117) in the AAP MCP server. An unauthenticated remote attacker can exploit it by sending specially crafted input in the 'toolsetroute' parameter. Because the value is written to the log without being sanitized, the attacker can embed control characters such as carriage returns, newlines and ANSI escape sequences in a log entry.
A newline lets the attacker terminate the genuine entry and append a forged one that looks like a legitimate record; ANSI escape sequences can hide or overwrite neighbouring entries when an operator views the log on a terminal, so real activity is obscured and fabricated activity appears authentic.
Such manipulation can support social engineering: a forged entry may instruct or persuade an operator to run a dangerous command or visit a malicious URL.
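The mechanism described above, as an added illustration that is not code from the AAP MCP server or from Red Hat: a log line built by concatenating an untrusted field verbatim (the CWE-117 pattern), the same line with control characters neutralized before formatting, and a detection pass over a log that has already been written. The log format, the field name and the function names are assumptions; the attacker-supplied route values are constructed for the demonstration.

```python
import re

# Constructed demonstration; not the AAP MCP server's own code. The log
# format, the 'toolset route' field name and the function names are assumptions.

# C0 control characters (includes \r, \n and ESC = \x1b) plus DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# The timestamp prefix every genuine entry in this toy format starts with.
_TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z ")


def neutralize(value: str) -> str:
    """Replace every control character with a visible \\xNN escape so the
    value can neither start a new log line nor drive the operator's terminal."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)


def log_line_vulnerable(route: str, ts: str) -> str:
    """CWE-117 pattern: untrusted input concatenated into the entry verbatim."""
    return f"{ts} INFO toolset route requested: {route}"


def log_line_hardened(route: str, ts: str) -> str:
    """Same entry, with the untrusted field neutralized before formatting."""
    return f"{ts} INFO toolset route requested: {neutralize(route)}"


# Constructed attacker-supplied 'route' values.
ROUTE_LEGIT = "rbac/users"
# A newline, then a fake entry that looks like a successful admin login.
ROUTE_FORGE = "missing\n2026-04-17T12:00:01Z INFO user=admin authenticated from 10.0.0.5"
# ANSI: cursor up one line (ESC[1A), erase that line (ESC[2K). When the log is
# shown on a terminal, this visually deletes the entry written just before it.
ROUTE_HIDE = "\x1b[1A\x1b[2Kbenign"

REQUESTS = [
    (ROUTE_LEGIT, "2026-04-17T12:00:00Z"),
    (ROUTE_FORGE, "2026-04-17T12:00:02Z"),
    (ROUTE_HIDE, "2026-04-17T12:00:03Z"),
]


def build_log(formatter) -> str:
    """Render the three constructed requests with the given line formatter."""
    return "\n".join(formatter(route, ts) for route, ts in REQUESTS)


def build_vulnerable_log() -> str:
    return build_log(log_line_vulnerable)


def build_hardened_log() -> str:
    return build_log(log_line_hardened)


def audit_log(log_text: str) -> list:
    """Detection pass over an existing log: flag physical lines that contain
    control characters or that do not begin with the expected timestamp.
    Returns (1-based line number, reason) tuples."""
    findings = []
    for n, line in enumerate(log_text.split("\n"), start=1):
        if not line:
            continue
        if _CONTROL.search(line):
            findings.append((n, "control character"))
        elif not _TIMESTAMP.match(line):
            findings.append((n, "no leading timestamp"))
    return findings


if __name__ == "__main__":
    for name, text in (("vulnerable", build_vulnerable_log()),
                       ("hardened", build_hardened_log())):
        print(f"--- {name}: {text.count(chr(10)) + 1} physical lines ---")
        print(repr(text))
        print("audit findings:", audit_log(text))
```

Three requests produce four physical lines in the vulnerable log and three in the hardened one. The audit flags the ANSI-carrying line but not the forged login entry, because that entry was crafted to begin with a well-formed timestamp; after-the-fact detection is only a backstop, and the fix is to neutralize (or structurally encode, for example as a JSON field value) every untrusted value at write time. Note also that viewers differ: `cat` and `tail -f` pass escape sequences to the terminal, while `less` shows them as `^[` unless run with `-R`.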
How can this vulnerability impact me?
An attacker can manipulate the server's log files: hiding their own activity and inserting fake entries that appear to come from the server itself.
This can enable social engineering, where an operator reviewing the log is tricked into running a harmful command or visiting a malicious website.
Overall, it undermines the integrity and reliability of the log data that monitoring, alerting and incident response depend on.