PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11820 Red Hat CVE debrief

The community.general Ansible collection's nexmo module has a flaw that causes API credentials to be sent as parameters of GET requests, exposing them wherever the request URL is recorded: web server access logs, proxy logs, HTTP Referer headers, and network monitoring tools. Although the Ansible argument specification marks these parameters as no_log, that setting only suppresses them in Ansible's own output; it does not change what the HTTP request carries, so the credentials remain visible. An attacker with access to these logs or monitoring points can obtain the full API credentials and gain unauthorized access to the victim's Vonage/Nexmo account. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The CVE was published on 2026-06-23T21:16:54.593Z and last modified on 2026-06-26T00:16:50.420Z. The vendor is listed as Unknown Vendor with low confidence.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-26
Advisory published: 2026-06-23
Advisory updated: 2026-06-26

Who should care

Security teams and administrators using the community.general Ansible collection's nexmo module are affected. They should assess their exposure and take steps to mitigate the risk of credential exposure: review logs and monitoring tools for credentials that have already been recorded, and update the Ansible collection to a version that addresses this issue.

Technical summary

The nexmo module in the community.general Ansible collection constructs HTTP requests to the Vonage/Nexmo SMS API by encoding the API credentials (api_key and api_secret) into URL query parameters and sending them via GET requests. Because the full URL is what access logs, proxy logs, Referer headers and network monitoring record, the credentials are exposed in each of these places. The vulnerability is the insecure transmission of sensitive information, despite the Ansible argument specification marking these parameters as no_log. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating a high impact on confidentiality with no impact on integrity or availability.
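The following is an added example, not code from community.general, Ansible or Vonage. It scans log lines for the credential parameters the advisory names, redacts them so affected logs can be retained safely, and contrasts the flawed request shape (credentials in a GET query string) with one that keeps them in a POST body. The log line and the endpoint URL are constructed placeholders.

```python
"""Detect and redact Nexmo-style API credentials leaked into log lines via GET
query strings, and show the request shape that keeps them out of the URL."""
import re
from urllib.parse import urlencode

# Parameter names the advisory says the module places in the query string.
SECRET_PARAM_RE = re.compile(r'\b(?P<name>api_key|api_secret)=(?P<value>[^&\s"\']*)')

# Constructed combined-format access-log line showing the flawed request shape.
SAMPLE_LOG = (
    '10.0.0.5 - - [23/Jun/2026:21:16:54 +0000] '
    '"GET /sms/json?api_key=abc123&api_secret=s3cr3t&from=Ops&to=15550100&text=hi HTTP/1.1" '
    '200 91 "-" "ansible-httpget"'
)


def find_exposed_credentials(line: str) -> dict:
    """Return {param: value} for every secret parameter found anywhere in a log line
    (request line, Referer field, proxy URL); empty dict when the line is clean."""
    return {m.group("name"): m.group("value") for m in SECRET_PARAM_RE.finditer(line)}


def redact_line(line: str) -> str:
    """Replace leaked secret values so the line can be retained or forwarded safely."""
    return SECRET_PARAM_RE.sub(r"\g<name>=REDACTED", line)


def build_sms_request(api_key, api_secret, sender, recipient, text, *, in_query):
    """Return (method, url, body). in_query=True reproduces the flawed pattern
    (credentials in a GET query string, hence in every access log); in_query=False
    sends them in a POST body, which standard access logs and Referer headers do
    not record. The endpoint is a placeholder, not the real Vonage URL."""
    base = "https://sms-api.example.invalid/sms/json"
    params = {"api_key": api_key, "api_secret": api_secret,
              "from": sender, "to": recipient, "text": text}
    if in_query:
        return "GET", base + "?" + urlencode(params), None
    return "POST", base, urlencode(params)


if __name__ == "__main__":
    leaked = find_exposed_credentials(SAMPLE_LOG)
    print("leaked parameters:", sorted(leaked))
    print(redact_line(SAMPLE_LOG))
    print(build_sms_request("k", "s", "Ops", "15550100", "hi", in_query=False))
```

Run `find_exposed_credentials` over access, proxy and Referer-bearing logs from the exposure window; any hit means the key pair should be rotated, not just redacted.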

Defensive priority

This vulnerability requires immediate attention due to the potential for credential exposure. Security teams should prioritize patching or mitigating this vulnerability to prevent unauthorized access to Vonage/Nexmo accounts.

Recommended defensive actions

  • Review and update the Ansible collection to a version that addresses this issue.
  • Assess exposure by reviewing logs and monitoring tools for potential credential exposure.
  • Where you control the request code, keep API credentials out of the URL, for example by sending them in a POST request body, and keep the credentials themselves in secure storage.
  • Monitor for suspicious activity related to Vonage/Nexmo accounts.
  • Consider compensating controls, such as additional authentication or access controls, for sensitive API credentials.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. Red Hat has also provided references to their security advisory and bugzilla entry for this issue. The evidence suggests that the vulnerability is real, but the vendor and affected scope are not well-defined.

Official resources

This article is AI-assisted and based on the supplied source corpus.