Action not permitted
Modal body text goes here.
Modal Title
Modal Body
FKIE_CVE-2026-1530
Vulnerability from fkie_nvd - Published: 2026-02-02 06:16 - Updated: 2026-04-15 00:35
Severity ?
Summary
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en fog-kubevirt. Esta vulnerabilidad permite a un atacante remoto realizar un ataque Man-in-the-Middle (MitM) debido a la validaci\u00f3n de certificados deshabilitada. Esto permite al atacante interceptar y potencialmente alterar comunicaciones sensibles entre Satellite y OpenShift, lo que resulta en revelaci\u00f3n de informaci\u00f3n y compromiso de la integridad de los datos."
}
],
"id": "CVE-2026-1530",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2026-02-02T06:16:20.620",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
CVE-2026-1530 (GCVE-0-2026-1530)
Vulnerability from cvelistv5 – Published: 2026-02-02 05:47 – Updated: 2026-03-26 20:31
VLAI?
EPSS
Title
Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation
Summary
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Severity ?
8.1 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:5970 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5971 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-1530 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2433784 | issue-trackingx_refsource_REDHAT |
Impacted products
27 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
Unaffected:
0:1.5.1-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
Unaffected:
0:1.5.1-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:3.14.0.14-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.1.23-0.3.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:1.2.0-0.1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:4.2.28-0.1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:2.22.3-1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:3.27.10-2.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:1.5.1-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.4.3-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:4.16.0.14-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.13.0-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:6.17.7-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.0.3-4.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:3.14.0.14-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.1.23-0.3.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:1.2.0-0.1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:4.2.28-0.1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:2.22.3-1.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:3.27.10-2.el9pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:1.5.1-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.4.3-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:4.16.0.14-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.13.0-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:6.17.7-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 |
Unaffected:
0:0.0.3-4.el9sat , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
Date Public ?
2026-01-28 12:40
Credits
This issue was discovered by Evgeni Golov (Red Hat).
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T16:26:13.539148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:28:31.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.14.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "libcomps",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.1.23-0.3.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-brotli",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.0-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-django",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.2.28-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-container",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.22.3-1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-rpm",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.27.10-2.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.3-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-katello",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-rubyipmi",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.13.0-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "satellite",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.17.7-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "yggdrasil-worker-forwarder",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.0.3-4.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.14.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "libcomps",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.1.23-0.3.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-brotli",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.0-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-django",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.2.28-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-container",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.22.3-1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-rpm",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.27.10-2.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.3-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-katello",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-rubyipmi",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.13.0-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "satellite",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.17.7-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "yggdrasil-worker-forwarder",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.0.3-4.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "satellite:el8/rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Evgeni Golov (Red Hat)."
}
],
"datePublic": "2026-01-28T12:40:37.424Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T20:31:44.599Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:5970",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
},
{
"name": "RHSA-2026:5971",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"name": "RHBZ#2433784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T12:39:43.076Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T12:40:37.424Z",
"value": "Made public."
}
],
"title": "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-295: Improper Certificate Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-1530",
"datePublished": "2026-02-02T05:47:10.049Z",
"dateReserved": "2026-01-28T12:41:52.835Z",
"dateUpdated": "2026-03-26T20:31:44.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…