CVE-2026-5135 (GCVE-0-2026-5135)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
Title
Foreman: foreman: unauthorized modification of host configurations via broken access control
Summary
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
SSVC
Exploitation: none; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-5135 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2452230 issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_utils:6.16::el9
Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_utils:6.16::el9
Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.17::el9
    cpe:/a:redhat:satellite_capsule:6.17::el9
    cpe:/a:redhat:satellite_maintenance:6.17::el9
    cpe:/a:redhat:satellite_utils:6.17::el9
Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.18::el9
    cpe:/a:redhat:satellite_capsule:6.18::el9
    cpe:/a:redhat:satellite_utils:6.18::el9
Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.19::el9
    cpe:/a:redhat:satellite_capsule:6.19::el9
    cpe:/a:redhat:satellite_maintenance:6.19::el9
    cpe:/a:redhat:satellite_utils:6.19::el9
Red Hat Red Hat Satellite 6
    cpe:/a:redhat:satellite:6
Date Public
2026-04-15 12:34
Credits
Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T14:52:27.488776Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T14:54:21.883Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.17-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.17-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.17::el9",
            "cpe:/a:redhat:satellite_capsule:6.17::el9",
            "cpe:/a:redhat:satellite_maintenance:6.17::el9",
            "cpe:/a:redhat:satellite_utils:6.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.17 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0.17-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.18::el9",
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.16.0.17-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.19::el9",
            "cpe:/a:redhat:satellite_capsule:6.19::el9",
            "cpe:/a:redhat:satellite_maintenance:6.19::el9",
            "cpe:/a:redhat:satellite_utils:6.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.19 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.18.0.7-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite-capsule:el8/foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
        }
      ],
      "datePublic": "2026-04-15T12:34:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T23:53:14.087Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:34365",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:34365"
        },
        {
          "name": "RHSA-2026:34366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:34366"
        },
        {
          "name": "RHSA-2026:34367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:34367"
        },
        {
          "name": "RHSA-2026:34368",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:34368"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-5135"
        },
        {
          "name": "RHBZ#2452230",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452230"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-27T13:22:30.704Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-15T12:34:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Foreman: foreman: unauthorized modification of host configurations via broken access control",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-5135",
    "datePublished": "2026-07-01T14:08:39.712Z",
    "dateReserved": "2026-03-30T10:42:55.307Z",
    "dateUpdated": "2026-07-01T23:53:14.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

