DEBIAN-CVE-2016-8628

DEBIAN-CVE-2016-8628 PUBLISHED CVSS 9.100000381469727 CRITICAL

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

Risk Scores

CVSS v3.0

9.100000381469727

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	ansible	0, 0, 0
Debian:11	ansible	0, 0, 0
Debian:13	ansible	0, 0, 0
Debian:14	ansible	0, 0, 0

Timeline

Jul 31, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-8628 advisory

Open in Interactive Console →