    76 vulnerabilities found for Red Hat Satellite 6 by Red Hat

    CVE-2026-5142 (GCVE-0-2026-5142)

    Vulnerability from nvd – Published: 2026-07-01 14:07 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass
    Summary
    A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    redhat
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5142 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452999 issue-tracking, x_refsource_REDHAT
    Impacted products (vendor: Red Hat; package: foreman unless noted)
    Red Hat Satellite 6.16 for RHEL 8: unaffected from 0:3.12.0.17-1.el8sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.16 for RHEL 9: unaffected from 0:3.12.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.17 for RHEL 9: unaffected from 0:3.14.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Satellite 6.18 for RHEL 9: unaffected from 0:3.16.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Satellite 6.19 for RHEL 9: unaffected from 0:3.18.0.7-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat Satellite 6 (package satellite-capsule:el8/foreman): affected; no fixed version listed
        cpe:/a:redhat:satellite:6
    Date Public
    2026-04-30 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
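The bug class behind CVE-2026-5142 is CWE-639: the permission gate (`view_keypairs`) passes, but the record is then fetched by a client-supplied ID with no tenant restriction, so an ID from another organization resolves just as well as one from the caller's own. The Ruby below is an added illustration of that pattern and its fix, written for this page; it is not Foreman's code, the `KeyPair`/`User` structs, the method names and the two sample key pairs are constructed for the example, and the taxonomy model is reduced to a list of organization IDs per user.

```ruby
# Added example (not Foreman code): permission check without taxonomy scoping
# (CWE-639), and the scoped lookup that closes the hole.
KeyPair = Struct.new(:id, :organization_id, :name, :private_key)
User    = Struct.new(:login, :permissions, :organization_ids)

# Constructed sample data: two tenants (org 10 = acme, org 20 = globex).
KEY_PAIRS = [
  KeyPair.new(1, 10, 'acme-deploy',   "-----BEGIN OPENSSH PRIVATE KEY-----\nacme-secret\n"),
  KeyPair.new(2, 20, 'globex-deploy', "-----BEGIN OPENSSH PRIVATE KEY-----\nglobex-secret\n"),
].freeze

class NotFound  < StandardError; end
class Forbidden < StandardError; end

def require_permission!(user, perm)
  raise Forbidden, "#{user.login} lacks #{perm}" unless user.permissions.include?(perm)
end

# Vulnerable pattern: the permission gate is satisfied, then the key pair is
# looked up by the id from the request across every organization.
def download_private_key_unscoped(user, key_pair_id)
  require_permission!(user, 'view_keypairs')
  kp = KEY_PAIRS.find { |k| k.id == key_pair_id }
  raise NotFound unless kp
  kp.private_key
end

# Hardened pattern: the lookup only ever sees key pairs inside the caller's
# organizations. A foreign id and a non-existent id produce the same error,
# so the endpoint does not even confirm that the other tenant's key exists.
def download_private_key_scoped(user, key_pair_id)
  require_permission!(user, 'view_keypairs')
  visible = KEY_PAIRS.select { |k| user.organization_ids.include?(k.organization_id) }
  kp = visible.find { |k| k.id == key_pair_id }
  raise NotFound unless kp
  kp.private_key
end

# An acme user who legitimately holds view_keypairs, but only for org 10.
ACME_ADMIN = User.new('alice', ['view_keypairs'], [10])

if __FILE__ == $PROGRAM_NAME
  puts 'unscoped: ' + download_private_key_unscoped(ACME_ADMIN, 2).lines.last.strip  # globex key leaks
  begin
    download_private_key_scoped(ACME_ADMIN, 2)
  rescue NotFound
    puts 'scoped:   not found'
  end
end
```

The point to take from the scoped version is that the permission and the tenant filter are two different checks; `view_keypairs` answers "may this user download key pairs at all", and only the scope answers "this one". On an installed Satellite the package that carries the fix is `foreman`, so `rpm -q foreman` compared against the builds listed above tells you whether a given server is still exposed.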

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:01:12.115967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:01:19.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-30T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in foreman. Authenticated users with \u0027view_keypairs\u0027 permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:16.614Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5142"
            },
            {
              "name": "RHBZ#2452999",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452999"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T12:04:45.283Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-30T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5142",
        "datePublished": "2026-07-01T14:07:55.662Z",
        "dateReserved": "2026-03-30T12:08:56.764Z",
        "dateUpdated": "2026-07-01T23:53:16.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5138 (GCVE-0-2026-5138)

    Vulnerability from nvd – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: information disclosure via improper validation of nested request parameters
    Summary
    A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    redhat
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5138 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452971 issue-tracking, x_refsource_REDHAT
    Impacted products (vendor: Red Hat; package: foreman unless noted)
    Red Hat Satellite 6.16 for RHEL 8: unaffected from 0:3.12.0.17-1.el8sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.16 for RHEL 9: unaffected from 0:3.12.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.17 for RHEL 9: unaffected from 0:3.14.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Satellite 6.18 for RHEL 9: unaffected from 0:3.16.0.17-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Satellite 6.19 for RHEL 9: unaffected from 0:3.18.0.7-1.el9sat onward; earlier builds affected (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat Satellite 6 (package satellite-capsule:el8/foreman): affected; no fixed version listed
        cpe:/a:redhat:satellite:6
    Date Public
    2026-07-01 12:29
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:39:42.711601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:39:49.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:29:33.423Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.772Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5138"
            },
            {
              "name": "RHBZ#2452971",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452971"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:51:04.461Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:29:33.423Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: information disclosure via improper validation of nested request parameters",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5138",
        "datePublished": "2026-07-01T14:08:43.978Z",
        "dateReserved": "2026-03-30T10:53:25.776Z",
        "dateUpdated": "2026-07-01T23:53:14.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5135 (GCVE-0-2026-5135)

    Vulnerability from nvd – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: unauthorized modification of host configurations via broken access control
    Summary
    A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    redhat
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5135 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452230 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Date Public
    2026-04-15 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:52:27.488776Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:54:21.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-15T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.087Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5135"
            },
            {
              "name": "RHBZ#2452230",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452230"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-27T13:22:30.704Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-15T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: unauthorized modification of host configurations via broken access control",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5135",
        "datePublished": "2026-07-01T14:08:39.712Z",
        "dateReserved": "2026-03-30T10:42:55.307Z",
        "dateUpdated": "2026-07-01T23:53:14.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5136 (GCVE-0-2026-5136)

    Vulnerability from nvd – Published: 2026-07-01 13:28 – Updated: 2026-07-02 03:56
    Title
    Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
    Summary
    A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5136 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452970 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Date Public
    2026-07-01 12:28
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:56:14.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:28:21.744Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user\u0027s permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:37:57.480Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5136"
            },
            {
              "name": "RHBZ#2452970",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452970"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:41:48.559Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:28:21.744Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5136",
        "datePublished": "2026-07-01T13:28:00.316Z",
        "dateReserved": "2026-03-30T10:47:46.043Z",
        "dateUpdated": "2026-07-02T03:56:14.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13316 (GCVE-0-2026-13316)

    Vulnerability from nvd – Published: 2026-06-30 09:53 – Updated: 2026-07-01 10:11
    Title
    Foreman: SSRF to cloud metadata service through unvalidated test_url parameters in foreman config
    Summary
    A flaw has been found in foreman when HTTP parameters are modified in the http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack through the foreman component and read data from the cloud metadata service in AWS/GCP/Azure environments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-13316 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2490345 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Date Public
    2026-06-18 12:00
    Credits
    Red Hat would like to thank Martin Brodeur (Fluentlogic.org GH: brodmart) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:16:34.459169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:16:44.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Martin Brodeur (Fluentlogic.org GH: brodmart) for reporting this issue."
            }
          ],
          "datePublic": "2026-06-18T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T10:11:10.277Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-13316"
            },
            {
              "name": "RHBZ#2490345",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490345"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-18T12:51:36.648Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-18T12:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-13316",
        "datePublished": "2026-06-30T09:53:03.409Z",
        "dateReserved": "2026-06-25T07:46:22.379Z",
        "dateUpdated": "2026-07-01T10:11:10.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9800 (GCVE-0-2026-9800)

    Vulnerability from nvd – Published: 2026-06-25 16:16 – Updated: 2026-07-02 12:04
    VLAI
    Title
    Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
    Summary
    A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.13-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-19 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Red Hat Red Hat build of Keycloak 26.4.13     cpe:/a:redhat:build_keycloak:26.4::el9
    Red Hat Red Hat build of Keycloak 26.6 Unaffected: 26.6.4-2 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.6::el9
    Red Hat Red Hat build of Keycloak 26.6 Unaffected: 26.6-8 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.6::el9
    Red Hat Red Hat build of Keycloak 26.6.4     cpe:/a:redhat:build_keycloak:26.6::el9
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Red Hat Red Hat build of Keycloak 26.4     cpe:/a:redhat:build_keycloak:26.4::el9
    Red Hat Red Hat build of Keycloak 26.6     cpe:/a:redhat:build_keycloak:26.6::el9
    Date Public
    2026-05-19 00:00
    Credits
    Red Hat would like to thank Bas Levering for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T17:27:58.852057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T17:29:38.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quarkus:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Quarkus",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-19T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1025",
                    "description": "Comparison Using Wrong Factors",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:04:42.028Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-9800"
              },
              {
                "name": "RHBZ#2482472",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482472"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9800.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30050"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30084"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30049"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30083"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:30050: Red Hat build of Keycloak 26.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30084: Red Hat build of Keycloak 26.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30049: Red Hat build of Keycloak 26.4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30083: Red Hat build of Keycloak 26.6.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-28T03:57:56.111Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-19T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.13-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6.4-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.6.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak-policy-enforcer",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-policy-enforcer",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite:el8/candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "servlet-policy-enforcer",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Bas Levering for reporting this issue."
            }
          ],
          "datePublic": "2026-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T09:29:32.268Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:30049",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30049"
            },
            {
              "name": "RHSA-2026:30050",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30050"
            },
            {
              "name": "RHSA-2026:30083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30083"
            },
            {
              "name": "RHSA-2026:30084",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30084"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9800"
            },
            {
              "name": "RHBZ#2482472",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482472"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T03:57:56.111Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1025: Comparison Using Wrong Factors"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9800",
        "datePublished": "2026-06-25T16:16:27.069Z",
        "dateReserved": "2026-05-28T04:00:06.454Z",
        "dateUpdated": "2026-07-02T12:04:42.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9073 (GCVE-0-2026-9073)

    Vulnerability from nvd – Published: 2026-06-23 19:53 – Updated: 2026-06-24 18:21
    VLAI
    Title
    Foreman-mcp-server: mcp server: insecure sensitive http header sanitization
    Summary
    A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:28438 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-9073 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2480151 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.19 Unaffected: 1782228692 , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
    Date Public
    2026-06-23 12:34
    Credits
    This issue was discovered by Laura Pardo (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T18:20:48.963167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T18:21:06.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite/foreman-mcp-server-rhel9",
              "product": "Red Hat Satellite 6.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782228692",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Laura Pardo (Red Hat)."
            }
          ],
          "datePublic": "2026-06-23T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:56:29.186Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28438",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28438"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
            },
            {
              "name": "RHBZ#2480151",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480151"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-20T12:05:51.360Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-23T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman-mcp-server: mcp server: insecure sensitive http header sanitization",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9073",
        "datePublished": "2026-06-23T19:53:15.850Z",
        "dateReserved": "2026-05-20T12:18:07.910Z",
        "dateUpdated": "2026-06-24T18:21:06.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12112 (GCVE-0-2026-12112)

    Vulnerability from nvd – Published: 2026-06-23 19:40 – Updated: 2026-06-30 12:06
    Title
    Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
    Summary
    A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.19 Unaffected: 1782228692 , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
    Red Hat Red Hat Satellite 6.19     cpe:/a:redhat:satellite:6.19::el9
    Date Public
    2026-06-23 14:31
    Credits
    This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:46:05.913416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:46:15.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.19",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-23T14:31:23.576Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:53.879Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
              },
              {
                "name": "RHBZ#2488031",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12112.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28438"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28438: Red Hat Satellite 6.19"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-06T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-23T14:31:23.576Z",
                "value": "Made public."
              }
            ],
            "title": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse",
            "workarounds": [
              {
                "lang": "en",
                "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite/foreman-mcp-server-rhel9",
              "product": "Red Hat Satellite 6.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782228692",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat)."
            }
          ],
          "datePublic": "2026-06-23T14:31:23.576Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:41:36.307Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28438",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28438"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
            },
            {
              "name": "RHBZ#2488031",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-23T14:31:23.576Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-287: Improper Authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-12112",
        "datePublished": "2026-06-23T19:40:51.360Z",
        "dateReserved": "2026-06-12T14:41:26.279Z",
        "dateUpdated": "2026-06-30T12:06:53.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12515 (GCVE-0-2026-12515)

    Vulnerability from nvd – Published: 2026-06-17 15:34 – Updated: 2026-06-26 23:05
    Title
    Katello: missing repository authorization in content_uploads exposes cross-product content existence
    Summary
    A flaw was found in Katello's content upload functionality in Red Hat Satellite, where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Date Public
    2026-06-17 15:27

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:59.268222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:22.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ctags",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite:el8/rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-17T15:27:46.078Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Katello\u0027s of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T23:05:32.585Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-12515"
            },
            {
              "name": "RHBZ#2489812",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489812"
            },
            {
              "url": "https://github.com/Katello/katello/pull/11712"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-17T11:37:24.783Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-17T15:27:46.078Z",
              "value": "Made public."
            }
          ],
          "title": "Katello: missing repository authorization in content_uploads exposes cross-product content existence",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-862: Missing Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-12515",
        "datePublished": "2026-06-17T15:34:00.815Z",
        "dateReserved": "2026-06-17T12:39:00.644Z",
        "dateUpdated": "2026-06-26T23:05:32.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44604 (GCVE-0-2026-44604)

    Vulnerability from nvd – Published: 2026-05-28 05:59 – Updated: 2026-07-02 15:24
    Title
    Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command
    Summary
    A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:28491 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-44604 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460967 issue-tracking, x_refsource_REDHAT
    Date Public
    2026-05-28 05:52
    Credits
    Red Hat would like to thank AISLE Research for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T12:15:12.073020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T12:15:33.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rpm-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.0.1-6.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:pdrive_lightspeed:0"
              ],
              "defaultStatus": "unknown",
              "packageName": "pen-drive/pen-drive-scanner-rhel9",
              "product": "Pen Drive Powered by Red Hat Lightspeed",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat build of Quarkus Native builder",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "rust-bootupd",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "rust-bootupd",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-insights-engine-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-puptoo-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-yuptoo-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank AISLE Research for reporting this issue."
            }
          ],
          "datePublic": "2026-05-28T05:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive\u0027s top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:24:01.134Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28491",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28491"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-44604"
            },
            {
              "name": "RHBZ#2460967",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460967"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T00:27:40.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-28T05:52:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-44604",
        "datePublished": "2026-05-28T05:59:20.978Z",
        "dateReserved": "2026-05-07T03:57:03.811Z",
        "dateUpdated": "2026-07-02T15:24:01.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48864 (GCVE-0-2026-48864)

    Vulnerability from nvd – Published: 2026-05-26 16:16 – Updated: 2026-06-24 01:53
    Title
    Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
    Summary
    A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2026:21333 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28236 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-48864 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460425 | issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Hardened Images Unaffected: 0.7.38-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-26 16:07
    Credits
    This issue was discovered by Found by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T03:55:45.469552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T13:28:44.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Found by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-26T16:07:55.363Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:53:49.640Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-48864"
            },
            {
              "name": "RHBZ#2460425",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460425"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T23:19:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-26T16:07:55.363Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-48864",
        "datePublished": "2026-05-26T16:16:07.581Z",
        "dateReserved": "2026-05-25T20:59:30.306Z",
        "dateUpdated": "2026-06-24T01:53:49.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9149 (GCVE-0-2026-9149)

    Vulnerability from nvd – Published: 2026-05-20 23:34 – Updated: 2026-06-26 23:16
    Title
    Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
    Summary
    A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Hardened Images Unaffected: 0.7.38-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-20 22:19
    Credits
    This issue was discovered by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9149",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:22:28.191967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:22:30.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/openSUSE/libsolv/pull/617"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-20T22:19:32.560Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T23:16:13.108Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9149"
            },
            {
              "name": "RHBZ#2460380",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460380"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/pull/617"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T21:20:01.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-20T22:19:32.560Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, avoid processing untrusted `.solv` files with libsolv or any applications that consume `.solv` input. Ensure that all `.solv` data processed by the system originates from trusted sources only."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9149",
        "datePublished": "2026-05-20T23:34:56.473Z",
        "dateReserved": "2026-05-20T22:08:56.611Z",
        "dateUpdated": "2026-06-26T23:16:13.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9150 (GCVE-0-2026-9150)

    Vulnerability from nvd – Published: 2026-05-20 23:07 – Updated: 2026-06-29 16:53
    Title
    Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
    Summary
    A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Hardened Images Unaffected: 0.7.38-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Hardened Images Unaffected: 0.7.39-3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-20 22:59
    Credits
    This issue was discovered by Found by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T14:03:20.850245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T14:25:03.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.39-3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Found by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-20T22:59:46.186Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv\u0027s Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T16:53:53.089Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "name": "RHSA-2026:30649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30649"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9150"
            },
            {
              "name": "RHBZ#2460379",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460379"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/pull/616"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T21:15:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-20T22:59:46.186Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: stack-based buffer overflow in libsolv\u0027s debian metadata parser when handling sha384/sha512 checksums",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that libsolv only processes trusted and cryptographically signed Debian repository metadata. Avoid ingesting or processing `Packages` files from untrusted or unverified sources."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9150",
        "datePublished": "2026-05-20T23:07:18.213Z",
        "dateReserved": "2026-05-20T22:15:47.147Z",
        "dateUpdated": "2026-06-29T16:53:53.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1961 (GCVE-0-2026-1961)

    Vulnerability from nvd – Published: 2026-03-26 12:53 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Foreman: foreman: remote code execution via command injection in websocket proxy
    Summary
    A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.14-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.1.23-0.3.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:1.2.0-0.1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:4.2.28-0.1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:2.22.3-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.27.10-2.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:1.5.1-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.4.3-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:4.16.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.13.0-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:6.17.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.0.3-4.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.12-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9     cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9     cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Date Public
    2026-03-26 12:30
    Credits
    Red Hat would like to thank Houssam Sahli for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1961",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T13:11:15.689121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T13:11:42.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-27T16:18:13.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                  "cpe:/a:redhat:satellite_utils:6.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9",
                  "cpe:/a:redhat:satellite_utils:6.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-26T12:30:45.446Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:04.779Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-1961"
              },
              {
                "name": "RHBZ#2437036",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1961.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5971"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5970"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5968"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5968: Red Hat Satellite 6.18 for RHEL 9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-05T10:40:57.141Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-26T12:30:45.446Z",
                "value": "Made public."
              }
            ],
            "title": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.14-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.12-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."
            }
          ],
          "datePublic": "2026-03-26T12:30:45.446Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T04:12:46.774Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:5968",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5968"
            },
            {
              "name": "RHSA-2026:5970",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5970"
            },
            {
              "name": "RHSA-2026:5971",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5971"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-1961"
            },
            {
              "name": "RHBZ#2437036",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-05T10:40:57.141Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-26T12:30:45.446Z",
              "value": "Made public."
            }
          ],
          "title": "Forman: foreman: remote code execution via command injection in websocket proxy",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-1961",
        "datePublished": "2026-03-26T12:53:09.566Z",
        "dateReserved": "2026-02-05T10:43:18.671Z",
        "dateUpdated": "2026-06-30T12:07:04.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
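The record above describes the flaw as a shell command assembled from a hostname that a compute resource provider returns, so that a malicious provider controls part of the command the Foreman server runs when a user opens a VM's VNC console. The Ruby below is an added example and is not Foreman's code, before or after the fix: it shows that pattern next to a hardened builder that validates the hostname and returns an argv array, so the launcher never involves a shell. The `websockify` binary and its flags, the hostname rule and the sample malicious hostname are assumptions.

```ruby
# Added illustration for CVE-2026-1961 (example code, not Foreman's): a VNC
# console proxy whose launch command includes a hostname that came from a
# compute resource provider. That provider is untrusted input here.
# The proxy binary name and flags are assumptions.

require 'ipaddr'

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no leading/trailing hyphen, at most 253 characters in total.
HOSTNAME_RE = /\A(?=.{1,253}\z)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(?:\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))*\z/

def valid_console_host?(host)
  return false unless host.is_a?(String)
  return true if HOSTNAME_RE.match?(host)
  # Some providers hand back a bare IPv4/IPv6 literal; accept those too.
  IPAddr.new(host)
  true
rescue IPAddr::InvalidAddressError, ArgumentError
  false
end

def valid_port?(port)
  port.is_a?(Integer) && port.between?(1, 65_535)
end

# VULNERABLE: the hostname is interpolated into one string that would be
# handed to /bin/sh (e.g. system("...") with a single string argument).
# Shell metacharacters inside `host` become part of the command line.
def proxy_command_unsafe(host, port, listen_port)
  "websockify --daemon #{listen_port} #{host}:#{port}"
end

# HARDENED: validate every provider-supplied value, then return an argv
# array. Process.spawn/system with an array never consult a shell, so even a
# value that slipped past validation could not splice in a second command.
def proxy_command_safe(host, port, listen_port)
  raise ArgumentError, "invalid console host: #{host.inspect}" unless valid_console_host?(host)
  raise ArgumentError, 'invalid port' unless valid_port?(port) && valid_port?(listen_port)
  ['websockify', '--daemon', listen_port.to_s, "#{host}:#{port}"]
end

# How the argv form is launched. Not called in the demo below because
# websockify is not assumed to be installed.
def launch(argv)
  Process.spawn(*argv) # array form: argv goes straight to execve, no shell
end

if __FILE__ == $PROGRAM_NAME
  evil = 'vm01.example.com; id > /tmp/pwned #' # constructed malicious provider hostname
  puts proxy_command_unsafe(evil, 5900, 5999)  # a shell would run `id > /tmp/pwned`
  begin
    proxy_command_safe(evil, 5900, 5999)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  p proxy_command_safe('vm01.example.com', 5900, 5999)
end
```

The two defences are independent: the allowlist regex stops the malicious value at the boundary where it enters the application, and the argv form removes the shell from the picture entirely, which is what protects you when a later change forgets the validation.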

    CVE-2026-4324 (GCVE-0-2026-4324)

    Vulnerability from nvd – Published: 2026-03-17 13:52 – Updated: 2026-06-01 17:33
    Title
    Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
    Summary
    A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:22326 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5968 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5970 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-4324 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448349 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor: Red Hat. One row per package; "unaffected from" is the rpm NEVRA at or above which the package is unaffected (the record's "lessThan: *" means every later build is also unaffected, and builds below it count as affected). Package names are taken from the record's "affected" entries, which list the same versions in the same order; the 6.18 and 6.19 rows do not name the package in the rendered view.

    Red Hat Satellite 6.17 for RHEL 9
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
        Package                      Unaffected from (rpm)
        foreman                      0:3.14.0.14-1.el9sat
        libcomps                     0:0.1.23-0.3.el9pc
        python-brotli                0:1.2.0-0.1.el9pc
        python-django                0:4.2.28-0.1.el9pc
        python-pulp-container        0:2.22.3-1.el9pc
        python-pulp-rpm              0:3.27.10-2.el9pc
        rubygem-fog-kubevirt         0:1.5.1-1.el9sat
        rubygem-foreman_kubevirt     0:0.4.3-1.el9sat
        rubygem-katello              0:4.16.0.14-1.el9sat
        rubygem-rubyipmi             0:0.13.0-1.el9sat
        satellite                    0:6.17.7-1.el9sat
        yggdrasil-worker-forwarder   0:0.0.3-4.el9sat

    Red Hat Satellite 6.18 for RHEL 9
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
        Package                      Unaffected from (rpm)
        (not named in rendered row)  0:4.18.0.9-1.el9sat

    Red Hat Satellite 6.19 for RHEL 9
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
        Package                      Unaffected from (rpm)
        (not named in rendered row)  0:4.20.0.4-1.el9sat

    Red Hat Satellite 6
        cpe:/a:redhat:satellite:6
        No fixed version listed for this product entry.
    Date Public
    2026-03-17 13:18
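The summary above says the sort_by parameter of /api/hosts/bootc_images reached the SQL without sanitization, which gives an attacker both a denial of service (a value the database cannot evaluate) and a boolean-based blind probe (a value whose effect on sort order depends on a subquery). The Ruby below is an added example and is not Katello's code: it builds the ORDER BY clause the way the flaw implies, by direct interpolation, beside an allowlist-based builder that rejects both payload classes before any SQL exists. The table and column names, the allowlist entries and the `users`/`login` references inside the probe are assumptions.

```ruby
# Added illustration for CVE-2026-4324 (example code, not Katello's). It
# builds the query behind a hypothetical GET /api/hosts/bootc_images that
# accepts ?sort_by=...&order=... from the caller. Table and column names are
# assumptions chosen to resemble the feature in the advisory.

BASE_SQL = 'SELECT h.name, b.booted_image, b.booted_image_digest ' \
           'FROM hosts h JOIN katello_host_bootc_images b ON b.host_id = h.id'

# Allowlist: the only sort keys a client may send, mapped to the qualified
# column that is actually placed in the SQL.
SORTABLE = {
  'name'   => 'h.name',
  'image'  => 'b.booted_image',
  'digest' => 'b.booted_image_digest'
}.freeze
DIRECTIONS = %w[ASC DESC].freeze

# VULNERABLE: sort_by is interpolated into the ORDER BY clause. ORDER BY is
# an identifier position, so bind parameters cannot protect it, and anything
# the caller writes there (commas, parentheses, subqueries) is evaluated.
def bootc_images_sql_unsafe(params)
  "#{BASE_SQL} ORDER BY #{params['sort_by']}"
end

# HARDENED: look the client value up in the allowlist and reject everything
# else before any SQL is assembled; the direction keyword gets the same
# treatment. Escaping is not an option here because a column name is not
# a string literal.
def bootc_images_sql_safe(params)
  column = SORTABLE[params['sort_by'].to_s]
  raise ArgumentError, "unsupported sort_by: #{params['sort_by'].inspect}" unless column
  direction = params.fetch('order', 'asc').to_s.upcase
  raise ArgumentError, "unsupported order: #{params['order'].inspect}" unless DIRECTIONS.include?(direction)
  "#{BASE_SQL} ORDER BY #{column} #{direction}"
end

# Controller-style wrapper: 400 for rejected input, 200 with the query otherwise.
def handle_bootc_images(params)
  [200, bootc_images_sql_safe(params)]
rescue ArgumentError => e
  [400, e.message]
end

# Constructed payloads of the two kinds the advisory mentions. The first names
# a column that does not exist, so the database raises and the request fails
# (the denial-of-service case). The second is a boolean-based blind probe: the
# result order differs depending on whether the subquery is true, which lets
# an attacker read data one yes/no question at a time.
DOS_PAYLOAD   = 'no_such_column'
BLIND_PAYLOAD = "(CASE WHEN (SELECT count(*) FROM users WHERE login='admin') > 0 " \
                'THEN h.name ELSE b.booted_image END)'

if __FILE__ == $PROGRAM_NAME
  puts bootc_images_sql_unsafe('sort_by' => BLIND_PAYLOAD) # subquery lands inside ORDER BY
  p handle_bootc_images('sort_by' => BLIND_PAYLOAD)        # rejected with 400
  p handle_bootc_images('sort_by' => 'name', 'order' => 'desc')
end
```

The allowlist also doubles as a detection aid: any request whose sort_by is not one of the three keys is worth logging, since legitimate clients have no reason to send anything else.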

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-17T14:26:51.385589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-17T14:26:57.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0.9-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.20.0.4-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-03-17T13:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T17:33:36.979Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:22326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22326"
            },
            {
              "name": "RHSA-2026:5968",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5968"
            },
            {
              "name": "RHSA-2026:5970",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5970"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-4324"
            },
            {
              "name": "RHBZ#2448349",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448349"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-17T12:28:40.127Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-17T13:18:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-4324",
        "datePublished": "2026-03-17T13:52:14.756Z",
        "dateReserved": "2026-03-17T12:30:29.903Z",
        "dateUpdated": "2026-06-01T17:33:36.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5138 (GCVE-0-2026-5138)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: information disclosure via improper validation of nested request parameters
    Summary
    A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2026:34365 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5138 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452971 | issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor | Product | Version
    Red Hat | Red Hat Satellite 6.16 for RHEL 8 | Unaffected: 0:3.12.0.17-1.el8sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.16 for RHEL 9 | Unaffected: 0:3.12.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:3.14.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.18 for RHEL 9 | Unaffected: 0:3.16.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat | Red Hat Satellite 6.19 for RHEL 9 | Unaffected: 0:3.18.0.7-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat | Red Hat Satellite 6
        cpe:/a:redhat:satellite:6
    Date Public
    2026-07-01 12:29
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:39:42.711601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:39:49.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:29:33.423Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.772Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5138"
            },
            {
              "name": "RHBZ#2452971",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452971"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:51:04.461Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:29:33.423Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: information disclosure via improper validation of nested request parameters",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5138",
        "datePublished": "2026-07-01T14:08:43.978Z",
        "dateReserved": "2026-03-30T10:53:25.776Z",
        "dateUpdated": "2026-07-01T23:53:14.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5135 (GCVE-0-2026-5135)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: unauthorized modification of host configurations via broken access control
    Summary
    A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2026:34365 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5135 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452230 | issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor  | Product                           | Version
    Red Hat | Red Hat Satellite 6.16 for RHEL 8 | Unaffected: 0:3.12.0.17-1.el8sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.16 for RHEL 9 | Unaffected: 0:3.12.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:3.14.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.18 for RHEL 9 | Unaffected: 0:3.16.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat | Red Hat Satellite 6.19 for RHEL 9 | Unaffected: 0:3.18.0.7-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat | Red Hat Satellite 6               |
        cpe:/a:redhat:satellite:6
    Date Public
    2026-04-15 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:52:27.488776Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:54:21.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-15T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.087Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5135"
            },
            {
              "name": "RHBZ#2452230",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452230"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-27T13:22:30.704Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-15T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: unauthorized modification of host configurations via broken access control",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5135",
        "datePublished": "2026-07-01T14:08:39.712Z",
        "dateReserved": "2026-03-30T10:42:55.307Z",
        "dateUpdated": "2026-07-01T23:53:14.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5142 (GCVE-0-2026-5142)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:07 – Updated: 2026-07-01 23:53
    Title
    Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass
    Summary
    A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2026:34365 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5142 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452999 | issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor  | Product                           | Version
    Red Hat | Red Hat Satellite 6.16 for RHEL 8 | Unaffected: 0:3.12.0.17-1.el8sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.16 for RHEL 9 | Unaffected: 0:3.12.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:3.14.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.18 for RHEL 9 | Unaffected: 0:3.16.0.17-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat | Red Hat Satellite 6.19 for RHEL 9 | Unaffected: 0:3.18.0.7-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat | Red Hat Satellite 6               |
        cpe:/a:redhat:satellite:6
    Date Public
    2026-04-30 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:01:12.115967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:01:19.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-30T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in foreman. Authenticated users with \u0027view_keypairs\u0027 permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:16.614Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5142"
            },
            {
              "name": "RHBZ#2452999",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452999"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T12:04:45.283Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-30T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5142",
        "datePublished": "2026-07-01T14:07:55.662Z",
        "dateReserved": "2026-03-30T12:08:56.764Z",
        "dateUpdated": "2026-07-01T23:53:16.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5136 (GCVE-0-2026-5136)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:28 – Updated: 2026-07-02 03:56
    Title
    Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
    Summary
    A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Red Hat (redhat)
    References
    https://access.redhat.com/errata/RHSA-2026:34365 (vendor-advisory, x_refsource_REDHAT)
    https://access.redhat.com/errata/RHSA-2026:34366 (vendor-advisory, x_refsource_REDHAT)
    https://access.redhat.com/errata/RHSA-2026:34367 (vendor-advisory, x_refsource_REDHAT)
    https://access.redhat.com/errata/RHSA-2026:34368 (vendor-advisory, x_refsource_REDHAT)
    https://access.redhat.com/security/cve/CVE-2026-5136 (vdb-entry, x_refsource_REDHAT)
    https://bugzilla.redhat.com/show_bug.cgi?id=2452970 (RHBZ#2452970; issue-tracking, x_refsource_REDHAT)
    Impacted products
    Vendor: Red Hat. Package: foreman. For each stream the record gives the first unaffected RPM build (version type rpm, "< *" meaning every later build is also unaffected); builds older than that NEVR are affected.
    Red Hat Satellite 6.16 for RHEL 8: unaffected from 0:3.12.0.17-1.el8sat
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.16 for RHEL 9: unaffected from 0:3.12.0.17-1.el9sat
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Satellite 6.17 for RHEL 9: unaffected from 0:3.14.0.17-1.el9sat
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Satellite 6.18 for RHEL 9: unaffected from 0:3.16.0.17-1.el9sat
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Satellite 6.19 for RHEL 9: unaffected from 0:3.18.0.7-1.el9sat
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat Satellite 6 (cpe:/a:redhat:satellite:6), package satellite-capsule:el8/foreman: default status affected; no fixed build is listed in this record.
    Date Public
    2026-07-01 12:28
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
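    The fixed builds above are RPM NEVRs, and rpm's version ordering is not lexicographic (a segment "17" sorts after "9", "~" sorts before everything), so comparing `rpm -q foreman` output against them as plain strings can misjudge patch state. The Ruby below is an added example written for this page, not Foreman or Satellite code and not part of the record: it reimplements librpm's rpmvercmp ordering (tilde handled, caret omitted), parses epoch:version-release, selects the stream by Foreman major.minor and dist tag, and reports whether an installed foreman build is at or past the first unaffected NEVR for CVE-2026-5136. The product-to-NEVR table is copied from this record; the function names and the sample NEVRs in the usage line are constructed for the example.

```ruby
# Added example, not Foreman/Satellite code. Checks an installed foreman RPM
# against the first unaffected NEVR per Satellite stream from CVE-2026-5136.

# Product -> first unaffected build, copied from the record above.
FIXED_FOREMAN_NEVRS = {
  "Red Hat Satellite 6.16 for RHEL 8" => "0:3.12.0.17-1.el8sat",
  "Red Hat Satellite 6.16 for RHEL 9" => "0:3.12.0.17-1.el9sat",
  "Red Hat Satellite 6.17 for RHEL 9" => "0:3.14.0.17-1.el9sat",
  "Red Hat Satellite 6.18 for RHEL 9" => "0:3.16.0.17-1.el9sat",
  "Red Hat Satellite 6.19 for RHEL 9" => "0:3.18.0.7-1.el9sat",
}.freeze

# Port of librpm's rpmvercmp: walk alternating numeric/alpha segments,
# numeric segments compare by value (leading zeros dropped), alpha segments
# by strcmp, a numeric segment beats an alpha one, and "~" sorts before
# everything, including the end of the string. Caret ("^") is not handled.
def rpmvercmp(a, b)
  return 0 if a == b
  one, two = a.dup, b.dup
  until one.empty? && two.empty?
    one = one.sub(/\A[^A-Za-z0-9~]+/, "")
    two = two.sub(/\A[^A-Za-z0-9~]+/, "")
    if one.start_with?("~") || two.start_with?("~")
      return 1 unless one.start_with?("~")
      return -1 unless two.start_with?("~")
      one, two = one[1..-1], two[1..-1]
      next
    end
    break if one.empty? || two.empty?
    isnum = one.match?(/\A\d/)
    pattern = isnum ? /\A\d+/ : /\A[A-Za-z]+/
    seg1 = one[pattern]
    seg2 = two[pattern] || ""
    return(isnum ? 1 : -1) if seg2.empty?   # segment types differ
    one, two = one[seg1.size..-1], two[seg2.size..-1]
    rc = if isnum
           s1, s2 = seg1.sub(/\A0+/, ""), seg2.sub(/\A0+/, "")
           s1.size == s2.size ? (s1 <=> s2) : (s1.size <=> s2.size)
         else
           seg1 <=> seg2
         end
    return rc unless rc.zero?
  end
  return 0 if one.empty? && two.empty?
  one.empty? ? -1 : 1                      # whoever has characters left wins
end

# "epoch:version-release" as printed by
#   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' foreman
# "(none)" or a missing epoch means epoch 0.
def parse_nevr(nevr)
  epoch, sep, rest = nevr.partition(":")
  epoch, rest = "0", nevr if sep.empty?
  epoch = "0" if epoch == "(none)"
  version, _, release = rest.rpartition("-")
  [epoch.to_i, version, release]
end

# Epoch first, then version, then release, each with rpm ordering.
def nevr_cmp(a, b)
  ea, va, ra = parse_nevr(a)
  eb, vb, rb = parse_nevr(b)
  return ea <=> eb unless ea == eb
  rc = rpmvercmp(va, vb)
  rc.zero? ? rpmvercmp(ra, rb) : rc
end

# Returns [:fixed | :vulnerable | :unknown_stream, product]. The stream is
# chosen by Foreman major.minor and the dist tag (el8sat/el9sat) of the
# installed build; :unknown_stream means this record has no entry for it.
def satellite_status(installed)
  _e, ver, rel = parse_nevr(installed)
  dist = rel[/el\d+sat\z/]
  product, fixed = FIXED_FOREMAN_NEVRS.find do |_name, f|
    _fe, fv, fr = parse_nevr(f)
    dist && fv.split(".")[0, 2] == ver.split(".")[0, 2] && fr.end_with?(dist)
  end
  return [:unknown_stream, nil] unless fixed
  [nevr_cmp(installed, fixed) >= 0 ? :fixed : :vulnerable, product]
end

if __FILE__ == $0 && !ARGV.empty?
  status, product = satellite_status(ARGV[0])   # e.g. "0:3.12.0.16-1.el8sat" (constructed)
  puts "#{ARGV[0]}: #{status}#{product ? " (#{product})" : ""}"
end
```

    Run it on the Satellite server with the installed build: `ruby check_foreman.rb "$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' foreman)"`. A result of :unknown_stream means the installed major.minor or dist tag matches none of the streams in this record, not that the host is safe; capsule hosts and other streams need their own advisory lookup.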

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:56:14.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:28:21.744Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user\u0027s permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:37:57.480Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5136"
            },
            {
              "name": "RHBZ#2452970",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452970"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:41:48.559Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:28:21.744Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5136",
        "datePublished": "2026-07-01T13:28:00.316Z",
        "dateReserved": "2026-03-30T10:47:46.043Z",
        "dateUpdated": "2026-07-02T03:56:14.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13316 (GCVE-0-2026-13316)

    Vulnerability from cvelistv5 – Published: 2026-06-30 09:53 – Updated: 2026-07-01 10:11
    Title
    Foreman: ssrf to cloud metadata service through unvalidated test_url parameters in foreman config
    Summary
    A flaw was found in Foreman: the test_url parameter handled by http_proxies_controller and the http_proxy code is not validated before Foreman issues the proxy test request. An attacker who can modify HTTP proxy settings can turn that request into a server-side request forgery (SSRF) and read the cloud metadata service of an AWS, GCP or Azure host through the Foreman component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Red Hat (redhat)
    References
    https://access.redhat.com/security/cve/CVE-2026-13316 (vdb-entry, x_refsource_REDHAT)
    https://bugzilla.redhat.com/show_bug.cgi?id=2490345 (RHBZ#2490345; issue-tracking, x_refsource_REDHAT)
    Impacted products
    Red Hat Satellite 6 (cpe:/a:redhat:satellite:6), packages foreman and satellite-utils:el8/foreman: default status affected; this record lists no fixed build.
    Date Public
    2026-06-18 12:00
    Credits
    Red Hat would like to thank Martin Brodeur (Fluentlogic.org GH: brodmart) for reporting this issue.
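    The record names the sink (the URL a proxy test request is sent to) but not what a safe validator for such a URL has to refuse. The Ruby below is an added example written for this page; it is not Foreman's validator and not taken from the fix. It accepts only http/https URLs, resolves the host through an injectable resolver, and rejects any target whose address falls in loopback, link-local (the AWS, GCP and Azure metadata endpoints sit at 169.254.169.254), RFC 1918, CGNAT, unspecified or ULA space, including the IPv4-mapped IPv6 spelling of those addresses. The hostnames and answers in the stub resolver are constructed; `safe_test_url?`, `blocked_address?`, `BLOCKED_RANGES` and `STUB_RESOLVER` are names chosen for this example.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Added example, not Foreman's validator. Address space a proxy test
# request must never reach: unspecified, loopback, RFC 1918, CGNAT,
# link-local (169.254.169.254 hosts the AWS/GCP/Azure metadata services),
# IPv6 unspecified/loopback, ULA and IPv6 link-local.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Anything unparseable counts as blocked; IPv4-mapped IPv6
# (::ffff:169.254.169.254) is unwrapped before the range check so the
# mapped form cannot slip past an IPv4-only list.
def blocked_address?(addr)
  ip = IPAddr.new(addr.to_s)
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::InvalidAddressError
  true
end

def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::InvalidAddressError
  false
end

# True only for an http(s) URL whose host resolves exclusively to addresses
# outside BLOCKED_RANGES. A name with no answer is rejected rather than
# deferred to the HTTP client. The resolver is injectable so the check can
# run offline and so callers can pin the answer they later connect to.
def safe_test_url?(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTP)        # URI::HTTPS is a subclass
  host = uri.hostname.to_s                        # brackets stripped for IPv6 literals
  return false if host.empty?
  addrs = ip_literal?(host) ? [host] : resolver.call(host)
  return false if addrs.nil? || addrs.empty?
  addrs.none? { |a| blocked_address?(a) }
rescue URI::InvalidURIError
  false
end

# Constructed DNS answers so the example runs without a network.
STUB_DNS = {
  "proxy.example.com"        => ["203.0.113.10"],
  "metadata.google.internal" => ["169.254.169.254"],
  "rebind.example.com"       => ["203.0.113.10", "10.0.0.5"],
}.freeze
STUB_RESOLVER = ->(host) { STUB_DNS.fetch(host, []) }
```

    Two things the check by itself does not settle. Validating and then connecting by hostname leaves a DNS rebinding window, so the connection should be made to the address that passed the check rather than re-resolved. And HTTP clients do not all parse hosts the same way (some accept a bare decimal integer as an IPv4 address, which URI and IPAddr here treat as a hostname that fails to resolve), so the validator and the client must agree on what a host means; connecting to the vetted address closes that gap too.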

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:16:34.459169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:16:44.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Martin Brodeur (Fluentlogic.org GH: brodmart) for reporting this issue."
            }
          ],
          "datePublic": "2026-06-18T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T10:11:10.277Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-13316"
            },
            {
              "name": "RHBZ#2490345",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490345"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-18T12:51:36.648Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-18T12:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-13316",
        "datePublished": "2026-06-30T09:53:03.409Z",
        "dateReserved": "2026-06-25T07:46:22.379Z",
        "dateUpdated": "2026-07-01T10:11:10.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9800 (GCVE-0-2026-9800)

    Vulnerability from cvelistv5 – Published: 2026-06-25 16:16 – Updated: 2026-07-02 12:04
    Title
    Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
    Summary
    A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    Red Hat (redhat)
    References
    https://access.redhat.com/security/cve/CVE-2026-9800 (vdb-entry, x_refsource_REDHAT)
    https://bugzilla.redhat.com/show_bug.cgi?id=2482472 (RHBZ#2482472; issue-tracking, x_refsource_REDHAT)
    https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9800.json (x_sadp-csaf-vex)
    https://access.redhat.com/errata/RHSA-2026:30050 (vendor-advisory, x_refsource_REDHAT; Red Hat build of Keycloak 26.4)
    https://access.redhat.com/errata/RHSA-2026:30084 (vendor-advisory, x_refsource_REDHAT; Red Hat build of Keycloak 26.6)
    https://access.redhat.com/errata/RHSA-2026:30049 (vendor-advisory, x_refsource_REDHAT; Red Hat build of Keycloak 26.4.13)
    https://access.redhat.com/errata/RHSA-2026:30083 (vendor-advisory, x_refsource_REDHAT; Red Hat build of Keycloak 26.6.4)
    Impacted products
    Vendor: Red Hat. "Unaffected from" gives the first fixed build (version type rpm, "< *" meaning every later build is also unaffected); builds before it are affected.
    Red Hat build of Keycloak 26.4: unaffected from 26.4.13-1 (cpe:/a:redhat:build_keycloak:26.4::el9)
    Red Hat build of Keycloak 26.4: unaffected from 26.4-19 (cpe:/a:redhat:build_keycloak:26.4::el9)
    Red Hat build of Keycloak 26.4.13 (cpe:/a:redhat:build_keycloak:26.4::el9): default status affected
    Red Hat build of Keycloak 26.6: unaffected from 26.6.4-2 (cpe:/a:redhat:build_keycloak:26.6::el9)
    Red Hat build of Keycloak 26.6: unaffected from 26.6-8 (cpe:/a:redhat:build_keycloak:26.6::el9)
    Red Hat build of Keycloak 26.6.4 (cpe:/a:redhat:build_keycloak:26.6::el9): default status affected
    Red Hat build of Quarkus (cpe:/a:redhat:quarkus:3): default status affected; no fixed build listed
    Red Hat JBoss Enterprise Application Platform Expansion Pack (cpe:/a:redhat:jbosseapxp): default status affected; no fixed build listed
    Red Hat Satellite 6 (cpe:/a:redhat:satellite:6): default status unknown in this record
    Red Hat Single Sign-On 7 (cpe:/a:redhat:red_hat_single_sign_on:7): default status affected; no fixed build listed
    Red Hat build of Keycloak 26.4 (cpe:/a:redhat:build_keycloak:26.4::el9): default status affected
    Red Hat build of Keycloak 26.6 (cpe:/a:redhat:build_keycloak:26.6::el9): default status affected
    Date Public
    2026-05-19 00:00
    Credits
    Red Hat would like to thank Bas Levering for reporting this issue.
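    The bypass in the summary comes from matching the access-denied path against the whole request URL instead of against the normalized request path. The Ruby below is an added illustration of that comparison mistake beside a stricter form, written for this page; it is not the Keycloak Policy Enforcer's code, and the policy table, paths and role names are constructed. `authorized_weak?` reproduces the shape of the flaw (any request whose URL contains the access-denied path is let through, whether in a path segment or in the query string); `authorized_strict?` percent-decodes, removes dot segments and compares the path for equality only, then applies the longest-prefix policy.

```ruby
require "uri"

# Added illustration, not Keycloak's code. Constructed policy table:
# path prefix => roles allowed; the longest matching prefix wins.
POLICIES = {
  "/admin"   => %w[admin],
  "/reports" => %w[admin analyst],
  "/"        => %w[user analyst admin],
}.freeze
ACCESS_DENIED_PATH = "/access-denied"

# Percent-decode, drop empty and "." segments, resolve "..", so that
# /%61dmin/x and /admin/access-denied/../x both become their real path.
# Decoding is done on a binary copy so non-ASCII bytes cannot raise.
def normalize_path(raw)
  decoded = raw.to_s.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
                .force_encoding(Encoding::UTF_8)
  segments = []
  decoded.split("/").each do |seg|
    case seg
    when "", "." then next
    when ".."    then segments.pop
    else              segments << seg
    end
  end
  "/" + segments.join("/")
end

# Longest-prefix match on a segment boundary, then role intersection.
def policy_allows?(path, roles)
  _prefix, allowed = POLICIES.sort_by { |prefix, _| -prefix.length }.find do |prefix, _|
    path == prefix || path.start_with?(prefix.chomp("/") + "/")
  end
  return false unless allowed
  (allowed & roles).any?
end

# Shape of the flaw in the record: the access-denied path is searched for
# anywhere in the raw request URI, so a query string or extra path segment
# that merely contains it skips enforcement entirely.
def authorized_weak?(request_uri, roles)
  return true if request_uri.include?(ACCESS_DENIED_PATH)
  policy_allows?(URI.parse(request_uri).path, roles)
end

# Stricter form: only the normalized path is compared, and only for
# equality; the query string never takes part in the decision.
def authorized_strict?(request_uri, roles)
  path = normalize_path(URI.parse(request_uri).path)
  return true if path == ACCESS_DENIED_PATH
  policy_allows?(path, roles)
end
```

    The strict version still assumes the reverse proxy or servlet container hands it the same path the application routes on; if the two normalize differently (double-encoding, backslashes, case folding), the comparison must be made on the exact string the router used, not on a second parse of the raw URL.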

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T17:27:58.852057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T17:29:38.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quarkus:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Quarkus",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-19T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1025",
                    "description": "Comparison Using Wrong Factors",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:04:42.028Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-9800"
              },
              {
                "name": "RHBZ#2482472",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482472"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9800.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30050"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30084"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30049"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30083"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:30050: Red Hat build of Keycloak 26.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30084: Red Hat build of Keycloak 26.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30049: Red Hat build of Keycloak 26.4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30083: Red Hat build of Keycloak 26.6.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-28T03:57:56.111Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-19T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.13-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6.4-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.6-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.6::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.6.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak-policy-enforcer",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-policy-enforcer",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite:el8/candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "servlet-policy-enforcer",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Bas Levering for reporting this issue."
            }
          ],
          "datePublic": "2026-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T09:29:32.268Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:30049",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30049"
            },
            {
              "name": "RHSA-2026:30050",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30050"
            },
            {
              "name": "RHSA-2026:30083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30083"
            },
            {
              "name": "RHSA-2026:30084",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30084"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9800"
            },
            {
              "name": "RHBZ#2482472",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482472"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T03:57:56.111Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1025: Comparison Using Wrong Factors"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9800",
        "datePublished": "2026-06-25T16:16:27.069Z",
        "dateReserved": "2026-05-28T04:00:06.454Z",
        "dateUpdated": "2026-07-02T12:04:42.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9073 (GCVE-0-2026-9073)

    Vulnerability from cvelistv5 – Published: 2026-06-23 19:53 – Updated: 2026-06-24 18:21
    VLAI
    Title
    Foreman-mcp-server: mcp server: insecure sensitive http header sanitization
    Summary
    A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:28438 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-9073 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2480151 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.19 Unaffected: 1782228692, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
    Date Public
    2026-06-23 12:34
    Credits
    This issue was discovered by Laura Pardo (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T18:20:48.963167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T18:21:06.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite/foreman-mcp-server-rhel9",
              "product": "Red Hat Satellite 6.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782228692",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Laura Pardo (Red Hat)."
            }
          ],
          "datePublic": "2026-06-23T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:56:29.186Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28438",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28438"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
            },
            {
              "name": "RHBZ#2480151",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480151"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-20T12:05:51.360Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-23T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman-mcp-server: mcp server: insecure sensitive http header sanitization",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9073",
        "datePublished": "2026-06-23T19:53:15.850Z",
        "dateReserved": "2026-05-20T12:18:07.910Z",
        "dateUpdated": "2026-06-24T18:21:06.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12112 (GCVE-0-2026-12112)

    Vulnerability from cvelistv5 – Published: 2026-06-23 19:40 – Updated: 2026-06-30 12:06
    VLAI
    Title
    Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
    Summary
    A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.19 Unaffected: 1782228692, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
    Date Public
    2026-06-23 14:31
    Credits
    This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:46:05.913416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:46:15.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.19",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-23T14:31:23.576Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:53.879Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
              },
              {
                "name": "RHBZ#2488031",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12112.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28438"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28438: Red Hat Satellite 6.19"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-06T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-23T14:31:23.576Z",
                "value": "Made public."
              }
            ],
            "title": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse",
            "workarounds": [
              {
                "lang": "en",
                "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite/foreman-mcp-server-rhel9",
              "product": "Red Hat Satellite 6.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782228692",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat)."
            }
          ],
          "datePublic": "2026-06-23T14:31:23.576Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:41:36.307Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28438",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28438"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
            },
            {
              "name": "RHBZ#2488031",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-23T14:31:23.576Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-287: Improper Authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-12112",
        "datePublished": "2026-06-23T19:40:51.360Z",
        "dateReserved": "2026-06-12T14:41:26.279Z",
        "dateUpdated": "2026-06-30T12:06:53.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12515 (GCVE-0-2026-12515)

    Vulnerability from cvelistv5 – Published: 2026-06-17 15:34 – Updated: 2026-06-26 23:05
    Title
    Katello: missing repository authorization in content_uploads exposes cross-product content existence
    Summary
    A flaw was found in the content upload functionality of Katello in Red Hat Satellite. Insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor   Product                  Version
    Red Hat  Red Hat Hardened Images  cpe:/a:redhat:hummingbird:1
    Red Hat  Red Hat Satellite 6      cpe:/a:redhat:satellite:6
    Date Public
    2026-06-17 15:27

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:59.268222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:22.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ctags",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite:el8/rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-17T15:27:46.078Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Katello\u0027s of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T23:05:32.585Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-12515"
            },
            {
              "name": "RHBZ#2489812",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489812"
            },
            {
              "url": "https://github.com/Katello/katello/pull/11712"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-17T11:37:24.783Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-17T15:27:46.078Z",
              "value": "Made public."
            }
          ],
          "title": "Katello: missing repository authorization in content_uploads exposes cross-product content existence",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-862: Missing Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-12515",
        "datePublished": "2026-06-17T15:34:00.815Z",
        "dateReserved": "2026-06-17T12:39:00.644Z",
        "dateUpdated": "2026-06-26T23:05:32.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44604 (GCVE-0-2026-44604)

    Vulnerability from cvelistv5 – Published: 2026-05-28 05:59 – Updated: 2026-07-02 15:24
    Title
    Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command
    Summary
    A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL                                                     Tags
    https://access.redhat.com/errata/RHSA-2026:28491        vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-44604   vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460967     issue-tracking, x_refsource_REDHAT
    Date Public
    2026-05-28 05:52
    Credits
    Red Hat would like to thank AISLE Research for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T12:15:12.073020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T12:15:33.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rpm-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.0.1-6.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:pdrive_lightspeed:0"
              ],
              "defaultStatus": "unknown",
              "packageName": "pen-drive/pen-drive-scanner-rhel9",
              "product": "Pen Drive Powered by Red Hat Lightspeed",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat build of Quarkus Native builder",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "rust-bootupd",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "rpm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "rust-bootupd",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-insights-engine-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-puptoo-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "satellite/iop-yuptoo-rhel9",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank AISLE Research for reporting this issue."
            }
          ],
          "datePublic": "2026-05-28T05:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive\u0027s top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:24:01.134Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:28491",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28491"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-44604"
            },
            {
              "name": "RHBZ#2460967",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460967"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T00:27:40.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-28T05:52:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-44604",
        "datePublished": "2026-05-28T05:59:20.978Z",
        "dateReserved": "2026-05-07T03:57:03.811Z",
        "dateUpdated": "2026-07-02T15:24:01.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48864 (GCVE-0-2026-48864)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:16 – Updated: 2026-06-24 01:53
    Title
    Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
    Summary
    A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL                                                     Tags
    https://access.redhat.com/errata/RHSA-2026:21333        vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28236        vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-48864   vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460425     issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor   Product                                              Version
    Red Hat  Red Hat Enterprise Linux 10                          Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
                                                                  cpe:/o:redhat:enterprise_linux:10.2
    Red Hat  Red Hat Hardened Images                              Unaffected: 0.7.38-2.hum1 , < * (rpm)
                                                                  cpe:/a:redhat:hummingbird:1
    Red Hat  Red Hat Enterprise Linux 7                           cpe:/o:redhat:enterprise_linux:7
    Red Hat  Red Hat Enterprise Linux 8                           cpe:/o:redhat:enterprise_linux:8
    Red Hat  Red Hat Enterprise Linux 9                           cpe:/o:redhat:enterprise_linux:9
    Red Hat  Red Hat OpenShift Container Platform 4               cpe:/a:redhat:openshift:4
    Red Hat  Red Hat Satellite 6                                  cpe:/a:redhat:satellite:6
    Red Hat  Red Hat Update Infrastructure 4 for Cloud Providers  cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-26 16:07
    Credits
    This issue was discovered by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T03:55:45.469552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T13:28:44.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Found by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-26T16:07:55.363Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T01:53:49.640Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-48864"
            },
            {
              "name": "RHBZ#2460425",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460425"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T23:19:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-26T16:07:55.363Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-48864",
        "datePublished": "2026-05-26T16:16:07.581Z",
        "dateReserved": "2026-05-25T20:59:30.306Z",
        "dateUpdated": "2026-06-24T01:53:49.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9149 (GCVE-0-2026-9149)

    Vulnerability from cvelistv5 – Published: 2026-05-20 23:34 – Updated: 2026-06-26 23:16
    Title
    Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
    Summary
    A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Hardened Images Unaffected: 0.7.38-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-20 22:19
    Credits
    This issue was discovered by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9149",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:22:28.191967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:22:30.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/openSUSE/libsolv/pull/617"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-20T22:19:32.560Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T23:16:13.108Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9149"
            },
            {
              "name": "RHBZ#2460380",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460380"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/pull/617"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T21:20:01.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-20T22:19:32.560Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, avoid processing untrusted `.solv` files with libsolv or any applications that consume `.solv` input. Ensure that all `.solv` data processed by the system originates from trusted sources only."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9149",
        "datePublished": "2026-05-20T23:34:56.473Z",
        "dateReserved": "2026-05-20T22:08:56.611Z",
        "dateUpdated": "2026-06-26T23:16:13.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9150 (GCVE-0-2026-9150)

    Vulnerability from cvelistv5 – Published: 2026-05-20 23:07 – Updated: 2026-06-29 16:53
    Title
    Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
    Summary
    A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.7.33-5.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Hardened Images Unaffected: 0.7.38-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Hardened Images Unaffected: 0.7.39-3.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
    Date Public
    2026-05-20 22:59
    Credits
    This issue was discovered by Found by AISLE in partnership with Red Hat.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T14:03:20.850245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T14:25:03.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.7.33-5.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.38-2.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0.7.39-3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Found by AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-20T22:59:46.186Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv\u0027s Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T16:53:53.089Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:21333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21333"
            },
            {
              "name": "RHSA-2026:28236",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28236"
            },
            {
              "name": "RHSA-2026:30649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:30649"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9150"
            },
            {
              "name": "RHBZ#2460379",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460379"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/pull/616"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-21T21:15:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-20T22:59:46.186Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: stack-based buffer overflow in libsolv\u0027s debian metadata parser when handling sha384/sha512 checksums",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that libsolv only processes trusted and cryptographically signed Debian repository metadata. Avoid ingesting or processing `Packages` files from untrusted or unverified sources."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9150",
        "datePublished": "2026-05-20T23:07:18.213Z",
        "dateReserved": "2026-05-20T22:15:47.147Z",
        "dateUpdated": "2026-06-29T16:53:53.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1961 (GCVE-0-2026-1961)

    Vulnerability from cvelistv5 – Published: 2026-03-26 12:53 – Updated: 2026-06-30 12:07
    Title
    Foreman: foreman: remote code execution via command injection in websocket proxy
    Summary
    A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.14-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.1.23-0.3.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:1.2.0-0.1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:4.2.28-0.1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:2.22.3-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.27.10-2.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:1.5.1-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.4.3-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:4.16.0.14-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.13.0-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:6.17.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:0.0.3-4.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.12-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Satellite 6.17 for RHEL 9     cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat Red Hat Satellite 6.18 for RHEL 9     cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Date Public
    2026-03-26 12:30
    Credits
    Red Hat would like to thank Houssam Sahli for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1961",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T13:11:15.689121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T13:11:42.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-27T16:18:13.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                  "cpe:/a:redhat:satellite_utils:6.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9",
                  "cpe:/a:redhat:satellite_utils:6.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-26T12:30:45.446Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:04.779Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-1961"
              },
              {
                "name": "RHBZ#2437036",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1961.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5971"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5970"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5968"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5968: Red Hat Satellite 6.18 for RHEL 9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-05T10:40:57.141Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-26T12:30:45.446Z",
                "value": "Made public."
              }
            ],
            "title": "foreman: Foreman: Remote Code Execution via command injection in WebSocket proxy",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.14-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.12-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."
            }
          ],
          "datePublic": "2026-03-26T12:30:45.446Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T04:12:46.774Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:5968",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5968"
            },
            {
              "name": "RHSA-2026:5970",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5970"
            },
            {
              "name": "RHSA-2026:5971",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5971"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-1961"
            },
            {
              "name": "RHBZ#2437036",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-05T10:40:57.141Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-26T12:30:45.446Z",
              "value": "Made public."
            }
          ],
          "title": "Forman: foreman: remote code execution via command injection in websocket proxy",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-1961",
        "datePublished": "2026-03-26T12:53:09.566Z",
        "dateReserved": "2026-02-05T10:43:18.671Z",
        "dateUpdated": "2026-06-30T12:07:04.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4324 (GCVE-0-2026-4324)

    Vulnerability from cvelistv5 – Published: 2026-03-17 13:52 – Updated: 2026-06-01 17:33
    Title
    Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
    Summary
    A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2026:22326 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5968 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5970 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-4324 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448349 | issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor | Product | Version
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:3.14.0.14-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:0.1.23-0.3.el9pc, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:1.2.0-0.1.el9pc, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:4.2.28-0.1.el9pc, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:2.22.3-1.el9pc, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:3.27.10-2.el9pc, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:1.5.1-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:0.4.3-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:4.16.0.14-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:0.13.0-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:6.17.7-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.17 for RHEL 9 | Unaffected: 0:0.0.3-4.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Red Hat | Red Hat Satellite 6.18 for RHEL 9 | Unaffected: 0:4.18.0.9-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Red Hat | Red Hat Satellite 6.19 for RHEL 9 | Unaffected: 0:4.20.0.4-1.el9sat, < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Red Hat | Red Hat Satellite 6 |
        cpe:/a:redhat:satellite:6
    Date Public
    2026-03-17 13:18

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-17T14:26:51.385589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-17T14:26:57.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "libcomps",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.23-0.3.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-brotli",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-django",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.28-0.1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-container",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.22.3-1.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-pulp-rpm",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.27.10-2.el9pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-fog-kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.1-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-foreman_kubevirt",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.3-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.16.0.14-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-rubyipmi",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.13.0-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.17.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "yggdrasil-worker-forwarder",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.0.3-4.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.18.0.9-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-katello",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.20.0.4-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/rubygem-katello",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-03-17T13:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T17:33:36.979Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:22326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22326"
            },
            {
              "name": "RHSA-2026:5968",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5968"
            },
            {
              "name": "RHSA-2026:5970",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:5970"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-4324"
            },
            {
              "name": "RHBZ#2448349",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448349"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-17T12:28:40.127Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-17T13:18:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-4324",
        "datePublished": "2026-03-17T13:52:14.756Z",
        "dateReserved": "2026-03-17T12:30:29.903Z",
        "dateUpdated": "2026-06-01T17:33:36.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }