CVE-2026-52902
Status: Received - Intake
Path Traversal in AWXKit CLI Tool

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Red Hat, Inc.

Description
A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.format yaml import". This is a client-side vulnerability requiring user interaction.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-09
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: redhat
Product: awxkit
Version / Range: *
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
Executive Summary

CVE-2026-52902 is a path traversal vulnerability found in awxkit, the command-line interface tool for AWX. It specifically affects the YAML !include directive, which does not properly sanitize file paths. This allows an attacker to craft a malicious YAML file that, when imported by a user using the command "awx --conf.format yaml import", can read arbitrary YAML-formatted files from the local filesystem.

The vulnerability arises because the function handling the !include directive constructs file paths without proper checks, enabling path traversal attacks. This is a client-side vulnerability that requires user interaction, meaning the user must import the malicious YAML file for the attack to succeed.

Impact Analysis

This vulnerability can impact you by allowing an attacker to read arbitrary YAML-formatted files from your local filesystem if you import a malicious YAML file using awxkit. This could lead to unauthorized disclosure of sensitive configuration or data files accessible to the user running the tool.

However, the attack surface is limited because it is a client-side vulnerability requiring user interaction, and it only affects YAML imports (not the default JSON format). Additionally, API field validations limit the potential for data exfiltration.

Detection Guidance

This vulnerability is a client-side issue that requires user interaction: the user must import a malicious YAML file with the command "awx --conf.format yaml import". Detection therefore involves monitoring for use of this command with the YAML import format and inspecting YAML files for !include directives that attempt path traversal.

You can check for suspicious imports by reviewing command history or logs for the following command usage:

  • grep 'awx --conf.format yaml import' ~/.bash_history
  • Audit YAML files being imported for !include directives with unexpected or absolute file paths.

Since the vulnerability exploits the lack of sanitization in file paths within the YAML !include directive, scanning YAML files for !include tags that contain path traversal patterns (e.g., '../') can help detect potential malicious files.
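The scan described above, together with the kind of confinement check the advisory says the !include handler lacks, as an added example that is not awxkit's code or Red Hat's fix. The regex, the base directory "/opt/awx/exports" and the file names in the sample export are constructed placeholders.

```python
import os
import re
from pathlib import Path

# Heuristic matcher for a "!include <path>" tag and its scalar argument.
# Constructed for this example; it is not awxkit's own YAML loader.
INCLUDE_RE = re.compile(r"!include\s+['\"]?([^'\"\s#]+)")

def resolve_include(base_dir, requested):
    """Resolve an !include target relative to base_dir and refuse anything
    that would land outside it. This is the kind of confinement check the
    advisory says is missing; it is illustrative, not awxkit's fix."""
    base = Path(base_dir).resolve()
    if Path(requested).is_absolute():
        raise ValueError("absolute include path rejected: " + requested)
    target = (base / requested).resolve()
    # resolve() collapses '..' and follows symlinks, so a commonpath check
    # catches both '../' escapes and symlink hops out of base_dir
    if os.path.commonpath([base, target]) != str(base):
        raise ValueError("include escapes base directory: " + requested)
    return target

def scan_yaml_includes(yaml_text, base_dir):
    """Return (line_no, path, verdict) for every !include found in yaml_text,
    using resolve_include() to decide whether the target stays under base_dir."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        for match in INCLUDE_RE.finditer(line):
            path = match.group(1)
            try:
                resolve_include(base_dir, path)
                findings.append((lineno, path, "ok"))
            except ValueError as exc:
                findings.append((lineno, path, "suspicious: " + str(exc)))
    return findings

# Constructed sample export; the file names are placeholders, not real targets.
SAMPLE_YAML = """\
# constructed sample of an awx export carrying include tags
projects:
  - name: shared-vars
    extra_vars: !include vars/common.yml
  - name: looks-legit
    extra_vars: !include ../../../../home/user/private.yml
  - name: absolute
    extra_vars: !include /etc/some/config.yml
"""

if __name__ == "__main__":
    for lineno, path, verdict in scan_yaml_includes(SAMPLE_YAML, "/opt/awx/exports"):
        print(f"line {lineno}: {path} -> {verdict}")
```

Run the scanner over an export before importing it; only the include that stays under the export directory is reported as "ok".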

Mitigation Strategies

To mitigate this vulnerability, avoid importing YAML files using the "awx --conf.format yaml import" command from untrusted sources, as the vulnerability requires user interaction with a malicious YAML file.

Use JSON format for imports instead of YAML, since the vulnerability only affects YAML-formatted imports.

Ensure that users are educated about the risks of importing YAML files from untrusted or unknown sources.

Monitor for updates or patches from the vendor addressing this issue and apply them promptly once available.

Compliance Impact

The vulnerability allows an attacker to read arbitrary YAML-formatted files from the local filesystem by tricking a user into importing a malicious YAML file. This could potentially lead to unauthorized access to sensitive data stored on the client system.

Since the vulnerability involves unauthorized reading of files, it may pose risks related to data confidentiality, which is a key concern in compliance with standards like GDPR and HIPAA. However, the attack requires user interaction and is limited to client-side exploitation, which may reduce the likelihood of large-scale data breaches.

No explicit information is provided about direct impacts on compliance or regulatory violations, but organizations using awxkit should consider the risk of sensitive data exposure due to this vulnerability and evaluate their controls accordingly.
