VulnerableCode Vulnerability Details - VCID-s2w1-fedq-ckes

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-s2w1-fedq-ckes

Essentials
Severities (2)
References (16)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-s2w1-fedq-ckes
Aliases	CVE-2017-7466 GHSA-3m8p-xpm6-8ww3 PYSEC-2018-40
Summary	Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.02659	https://api.first.org/data/v1/epss?cve=CVE-2017-7466
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3m8p-xpm6-8ww3

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2017:1244
		https://access.redhat.com/errata/RHSA-2017:1334
		https://access.redhat.com/errata/RHSA-2017:1476
		https://access.redhat.com/errata/RHSA-2017:1499
		https://access.redhat.com/errata/RHSA-2017:1599
		https://access.redhat.com/errata/RHSA-2017:1685
		https://api.first.org/data/v1/epss?cve=CVE-2017-7466
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
		https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
		https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
		https://github.com/ansible/ansible/issues/24186
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
		https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
		http://www.securityfocus.com/bid/97595
CVE-2017-7466		https://nvd.nist.gov/vuln/detail/CVE-2017-7466
GHSA-3m8p-xpm6-8ww3		https://github.com/advisories/GHSA-3m8p-xpm6-8ww3

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.86041
EPSS Score	0.02659
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:17:46.675944+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-40.yaml	38.6.0