A local privilege escalation vulnerability was found in...
High severity
Unreviewed
Published
Jun 10, 2026
to the GitHub Advisory Database
•
Updated Jun 30, 2026
Description
Published by the National Vulnerability Database
Jun 10, 2026
Published to the GitHub Advisory Database
Jun 10, 2026
Last updated
Jun 30, 2026
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.
References