A command injection vulnerability was found in galaxy_ng's legacy role import functionality. The do_git_checkout() function in galaxy_ng/app/api/v1/tasks.py constructs shell commands via f-string interpolation using unsanitized git ref names (branch/tag names taken from the github_reference parameter) and executes them with subprocess.run(cmd, shell=True). An authenticated user who controls a git repository can create a branch or tag whose name contains shell metacharacters (such as ;, |, $(), &, >); when the legacy role import processes that reference, the shell interprets those metacharacters, achieving remote code execution on the pulp worker process. The vulnerability requires GALAXY_ENABLE_LEGACY_ROLES to be set to True, which is NOT the default configuration in any shipped version of Red Hat Ansible Automation Platform (2.4 through 2.6). When this setting is False (the default), the v1 API routes are not registered in Django URL routing and the vulnerable endpoint returns 404. However, any deployment that explicitly enables legacy role support (e.g., the community-galaxy profile or custom configurations) is exposed to authenticated RCE. A secondary vector exists via the alternate_clone_url parameter, which accepts arbitrary URLs with no validation (allowing server-side request forgery, SSRF), though the git clone operation on that path uses shell=False, preventing shell injection via that specific parameter.
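The root cause described above is the combination of string-built commands and `shell=True`. The following is an added example, not code from galaxy_ng or Red Hat, showing the hardened pattern a maintainer would reach for: an allow-list validator for ref names, an argv list passed to `subprocess.run` with `shell=False`, and, for the secondary `alternate_clone_url` vector, a scheme/host allow-list. The function names (`is_safe_ref_name`, `build_checkout_argv`, `safe_git_checkout`, `is_allowed_clone_url`), the `ALLOWED_CLONE_HOSTS` set and the `runner` hook are assumptions made for illustration.

```python
"""Hardened git checkout helpers (added example, not galaxy_ng's own code)."""
from __future__ import annotations

import re
import subprocess
from typing import Callable, List
from urllib.parse import urlsplit

# The vulnerable shape the advisory describes, kept here only as a comment:
#     subprocess.run(f"git checkout {ref}", shell=True)
# With shell=True the whole string is handed to /bin/sh, so any metacharacter
# in `ref` becomes shell syntax. Everything below avoids the shell entirely.

# Allow-list for ref names: must start with a letter or digit (so git can never
# read it as an option), then letters, digits, '.', '_', '/', '-'. This is
# stricter than git's own check-ref-format rules, which is acceptable for a
# server that only ever checks out ordinary branches and tags.
_SAFE_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")

# Assumption: only https clones from these hosts are permitted. Adjust per deployment.
ALLOWED_CLONE_HOSTS = frozenset({"github.com"})
_REPO_PATH = re.compile(r"/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+?(?:\.git)?/?")


def is_safe_ref_name(ref: str) -> bool:
    """Return True if `ref` is a plain branch/tag name with no shell or git surprises."""
    if not _SAFE_REF.fullmatch(ref):
        return False
    # Reject forms git itself refuses or that could be abused for path tricks.
    if ".." in ref or "//" in ref or ref.endswith("/") or ref.endswith(".lock"):
        return False
    return True


def build_checkout_argv(repo_dir: str, ref: str) -> List[str]:
    """Build the argv list for `git checkout <ref>` inside `repo_dir`.

    Each element reaches git as one argument, so a ref name containing ';' or
    '$(' would be passed literally (and here is rejected before that anyway).
    """
    if not is_safe_ref_name(ref):
        raise ValueError(f"refusing unsafe git ref name: {ref!r}")
    return ["git", "-C", repo_dir, "checkout", ref]


def safe_git_checkout(
    repo_dir: str,
    ref: str,
    runner: Callable[..., object] = subprocess.run,
) -> List[str]:
    """Validate `ref`, then run the checkout without a shell. Returns the argv used.

    `runner` is injectable so the logic can be exercised without a real repo.
    """
    argv = build_checkout_argv(repo_dir, ref)
    runner(argv, shell=False, check=True, capture_output=True, text=True, timeout=120)
    return argv


def is_allowed_clone_url(url: str) -> bool:
    """Allow only https URLs to allow-listed hosts with an owner/repo path.

    Rejects other schemes (file://, http://), embedded credentials, explicit
    ports and internal hosts, which closes the SSRF-style misuse of an
    unvalidated clone URL.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or "@" in parts.netloc or ":" in parts.netloc:
        return False
    if parts.hostname not in ALLOWED_CLONE_HOSTS:
        return False
    return _REPO_PATH.fullmatch(parts.path) is not None


if __name__ == "__main__":
    # Constructed sample inputs: a normal tag and a name carrying shell syntax.
    for candidate in ("v1.2.3", "release/2024-q1", "main; echo injected", "$(id)"):
        print(f"{candidate!r:28} safe={is_safe_ref_name(candidate)}")
    print(build_checkout_argv("/srv/checkouts/role-1", "v1.2.3"))
    for u in ("https://github.com/example-org/example-role.git",
              "file:///etc/passwd", "http://127.0.0.1:8080/internal"):
        print(f"{u!r:52} allowed={is_allowed_clone_url(u)}")
```

Two design points worth noting: the validator is deliberately narrower than git's own rules, because a server importing roles has no reason to accept exotic ref names and every extra character class is attack surface; and the argv list is built and returned separately from the call that executes it, so the safe command shape can be unit-tested without a git binary present.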