diff --git a/apps/api/src/services/host_repair_agent.py b/apps/api/src/services/host_repair_agent.py
index 02013112..1b307b09 100644
--- a/apps/api/src/services/host_repair_agent.py
+++ b/apps/api/src/services/host_repair_agent.py
@@ -422,6 +422,14 @@ class HostRepairAgent:
         """
         host = ANSIBLE_CONTROL_HOST
         user = ANSIBLE_CONTROL_USER
+        # Important fix: 驗證 ConfigMap 的控制節點也在白名單內，防止環境變數被篡改繞過白名單
+        try:
+            validate_ssh_target_host(host)
+        except ValueError as e:
+            return HostRepairResult(
+                success=False, layer="ansible", component=playbook_name,
+                error=f"Ansible control host validation failed: {e}",
+            )
         playbook_path = f"{ANSIBLE_PLAYBOOKS_PATH}/{playbook_name}"
         # P0-2: Quote playbook_path to prevent shell injection if path contains special chars
         ssh_command = f"ansible-playbook {shlex.quote(playbook_path)}"