MEDIUM

CVE-2026-11819

CWE-532 · Published: June 23, 2026 · Updated: Jun 25, 2026

CVSS v3.1: 5.5
EPSS: 0.12% probability of exploitation in 30 days · Percentile: 2.5th

Official Description

Module: plugins/modules/keyring_info.py

CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result["passphrase"] with no output suppression, no no_log protection, and no documentation warning.

Root Cause:

Line 105 (protected): keyring_password=dict(type="str", required=True, no_log=True)

Line 127 (NOT protected): result["passphrase"] = passphrase

Observed Output:

{
    "changed": false,
    "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret"
}

Visible via register + debug:

{
    "keyring_result": {
        "changed": false,
        "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret"
    }
}

Impact:

  • Master passwords, SSH key passphrases and service credentials appear in all Ansible output
  • register: keyring_result followed by debug: var=keyring_result prints passphrase in full
  • Ansible fact caching backends (Redis, JSON file, memcached) may persist the passphrase
  • AWX/Tower job logs silently store the live credential

Fix:

module.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True)

Also add a documentation warning requiring callers to use no_log: true at the task level.
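
An added example (not code from the module or from the advisory): a static check in Python that flags the pattern described under Root Cause, a secret-named key placed in the module result while `exit_json` is not called with `_ansible_no_log=True`. The function name, the key-name list and both sample sources are constructed for illustration, and Python 3.9+ is assumed for the AST node shapes.

```python
import ast

# Substrings treated as secret-bearing key names (an assumption of this example).
SENSITIVE = ("pass", "secret", "token")

def _sensitive(name):
    return isinstance(name, str) and any(s in name.lower() for s in SENSITIVE)

def find_unprotected_returns(source):
    """Return sorted (lineno, key) pairs for secret-named return values in a
    module source, unless every exit_json() call passes _ansible_no_log=True."""
    hits, exits = [], []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            # Pattern: result["passphrase"] = passphrase
            for tgt in node.targets:
                if (isinstance(tgt, ast.Subscript)
                        and isinstance(tgt.slice, ast.Constant)
                        and _sensitive(tgt.slice.value)):
                    hits.append((node.lineno, tgt.slice.value))
        elif (isinstance(node, ast.Call)
              and isinstance(node.func, ast.Attribute)
              and node.func.attr == "exit_json"):
            # Pattern: module.exit_json(passphrase=..., ...)
            kw = {k.arg: k.value for k in node.keywords if k.arg}
            flag = kw.get("_ansible_no_log")
            protected = isinstance(flag, ast.Constant) and flag.value is True
            exits.append(protected)
            if not protected:
                hits.extend((node.lineno, k) for k in kw if _sensitive(k))
    return [] if exits and all(exits) else sorted(hits)

# Constructed sources mirroring the "before" and "after" shown in the advisory.
VULNERABLE = '''
argument_spec = dict(keyring_password=dict(type="str", required=True, no_log=True))
result = dict(changed=False)
result["passphrase"] = passphrase
module.exit_json(**result)
'''
FIXED = '''
module.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True)
'''

if __name__ == "__main__":
    print("vulnerable:", find_unprotected_returns(VULNERABLE))
    print("fixed:", find_unprotected_returns(FIXED))
```

The check only inspects source text, so a finding still needs a manual look at what the module actually returns.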

PoCs

Fig 1: PoC execution showing passphrase in plaintext output

Fig 2: Source code showing no_log=True on input (line 105) vs unprotected output (line 127)


Technical Analysis

CVE-2026-11819 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in a complete breach of confidentiality (data exposure), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged

Impact
  • Confidentiality: High
  • Integrity: None
  • Availability: None

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.


Quick Facts

  • CVE ID: CVE-2026-11819
  • CVSS Score: 5.5 / 10
  • Severity: MEDIUM
  • Weakness: CWE-532
  • CISA KEV: No
  • EPSS (30d): 0.12%
  • Published: Jun 23, 2026


Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-11819 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.