CVE-2026-6266
Account Hijacking via Email Matching in AAP Gateway
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | aap | 2.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the AAP gateway's user auto-link strategy introduced in AAP 2.6. It automatically links an external Identity Provider (IDP) identity to an existing AAP user account based solely on matching email addresses without verifying that the user actually owns the email. Because of this, a remote attacker can manipulate the IDP-provided email to hijack a victim's account or gain unauthorized access to other accounts, including administrative ones.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows a remote attacker to hijack user accounts or gain unauthorized access, including to administrative accounts, by exploiting the automatic linking of external Identity Provider identities without verifying email ownership.
Such unauthorized access could lead to exposure or misuse of sensitive personal or health information, potentially violating data protection regulations such as GDPR or HIPAA that require strict access controls and protection of personal data.
Therefore, this flaw could negatively impact compliance with these standards by undermining the confidentiality and integrity of protected data.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to user accounts, including administrative accounts, by allowing attackers to hijack accounts through email manipulation. This can result in compromised data, unauthorized actions within the system, and potential disruption of services.
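A hypothetical model of the email auto-link weakness explained in the Q&A above, added here as an illustration and not the AAP gateway's own code: the weak strategy logs a caller in on any matching email claim, while the hardened form first honours an explicit (idp, subject) binding and only falls back to email matching for a vetted IdP that attests the address as verified. The class names, `TRUSTED_EMAIL_IDPS`, and the sample user directory are all assumptions.

```python
# Hypothetical model of the auto-link weakness (CWE-305); NOT the AAP gateway's code.
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

@dataclass
class User:
    username: str
    email: str
    is_superuser: bool = False
    # (idp, subject) pairs this account has been explicitly bound to
    linked_identities: Set[Tuple[str, str]] = field(default_factory=set)

@dataclass
class IdpAssertion:
    idp: str              # which identity provider issued the assertion
    subject: str          # stable identifier assigned by that IdP ("sub")
    email: str            # email claim; an untrusted IdP sets this freely
    email_verified: bool  # whether the IdP attests it verified the address

# Constructed sample local directory: an administrator account already exists.
USERS = {"admin": User("admin", "admin@example.test", is_superuser=True)}

# Only IdPs the operator has vetted may seed a link from an email claim.
TRUSTED_EMAIL_IDPS = {"corp-sso"}

def find_by_email(email: str) -> Optional[User]:
    for user in USERS.values():
        if user.email.lower() == email.lower():
            return user
    return None

def auto_link_weak(assertion: IdpAssertion) -> Optional[User]:
    """Weak strategy: any matching email logs the caller in as that user,
    regardless of which IdP made the claim or whether it was verified."""
    return find_by_email(assertion.email)

def auto_link_hardened(assertion: IdpAssertion) -> Optional[User]:
    """Hardened strategy: an existing (idp, subject) binding wins; email only
    seeds a binding from a vetted IdP with a verified address. None = no login."""
    key = (assertion.idp, assertion.subject)
    for user in USERS.values():
        if key in user.linked_identities:
            return user
    if assertion.idp in TRUSTED_EMAIL_IDPS and assertion.email_verified:
        user = find_by_email(assertion.email)
        if user is not None:
            user.linked_identities.add(key)  # later logins match on subject
        return user
    return None
```

Accounts that cannot be linked by either rule should be sent through a separate ownership-verification flow rather than auto-created or matched on a later attempt.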