CVE-2026-1961 - Vulnerability Details - OpenCVE

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00111.

Exploitation poc

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Satellite 6.16 for RHEL 8

affected

Version	Status	Constraints
`0:3.12.0.14-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.16 for RHEL 9

affected

Version	Status	Constraints
`0:3.12.0.14-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:3.14.0.14-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.1.23-0.3.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:1.2.0-0.1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:4.2.28-0.1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:2.22.3-1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:3.27.10-2.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:1.5.1-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.4.3-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:4.16.0.14-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.13.0-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:6.17.7-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.0.3-4.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:3.14.0.14-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.1.23-0.3.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:1.2.0-0.1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:4.2.28-0.1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:2.22.3-1.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:3.27.10-2.el9pc`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:1.5.1-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.4.3-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:4.16.0.14-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.13.0-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:6.17.7-1.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.17 for RHEL 9

affected

Version	Status	Constraints
`0:0.0.3-4.el9sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.18 for RHEL 9

affected

Version	Status	Constraints
`0:3.16.0.12-1.el9sat`	unaffected	< *

Red Hat Red Hat Satellite 6 affected —

No data.

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.16 for RHEL 8
foreman-0:3.12.0.14-1.el8sat	cpe:/a:redhat:satellite_utils:6.16::el8	RHSA-2026:5971	2026-03-26T00:00:00Z
Red Hat Satellite 6.16 for RHEL 9
foreman-0:3.12.0.14-1.el9sat	cpe:/a:redhat:satellite_utils:6.16::el9	RHSA-2026:5971	2026-03-26T00:00:00Z
Red Hat Satellite 6.17 for RHEL 9
foreman-0:3.14.0.14-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
libcomps-0:0.1.23-0.3.el9pc	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-brotli-0:1.2.0-0.1.el9pc	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-django-0:4.2.28-0.1.el9pc	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-pulp-container-0:2.22.3-1.el9pc	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-pulp-rpm-0:3.27.10-2.el9pc	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-fog-kubevirt-0:1.5.1-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-foreman_kubevirt-0:0.4.3-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-katello-0:4.16.0.14-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-rubyipmi-0:0.13.0-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
satellite-0:6.17.7-1.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
yggdrasil-worker-forwarder-0:0.0.3-4.el9sat	cpe:/a:redhat:satellite_maintenance:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
foreman-0:3.14.0.14-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
libcomps-0:0.1.23-0.3.el9pc	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-brotli-0:1.2.0-0.1.el9pc	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-django-0:4.2.28-0.1.el9pc	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-pulp-container-0:2.22.3-1.el9pc	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
python-pulp-rpm-0:3.27.10-2.el9pc	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-fog-kubevirt-0:1.5.1-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-foreman_kubevirt-0:0.4.3-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-katello-0:4.16.0.14-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
rubygem-rubyipmi-0:0.13.0-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
satellite-0:6.17.7-1.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
yggdrasil-worker-forwarder-0:0.0.3-4.el9sat	cpe:/a:redhat:satellite_utils:6.17::el9	RHSA-2026:5970	2026-03-26T00:00:00Z
Red Hat Satellite 6.18 for RHEL 9
foreman-0:3.16.0.12-1.el9sat	cpe:/a:redhat:satellite_utils:6.18::el9	RHSA-2026:5968	2026-03-26T00:00:00Z

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Red Hat Subscribe	Red Hat Satellite 6 Subscribe
Redhat Subscribe	Satellite Subscribe

Project Subscriptions

Vendors	Products
Red Hat Subscribe	Red Hat Satellite 6 Subscribe
Redhat Subscribe	Satellite Subscribe Satellite Capsule Subscribe Satellite Maintenance Subscribe Satellite Utils Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2026/03/27/3
https://access.redhat.com/errata/RHSA-2026:5968
https://access.redhat.com/errata/RHSA-2026:5970
https://access.redhat.com/errata/RHSA-2026:5971
https://access.redhat.com/security/cve/CVE-2026-1961
https://bugzilla.redhat.com/show_bug.cgi?id=2437036
https://nvd.nist.gov/vuln/detail/CVE-2026-1961
https://www.cve.org/CVERecord?id=CVE-2026-1961

History

Sun, 29 Mar 2026 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-78

Fri, 27 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-78 CWE-94

Fri, 27 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2026/03/27/3

Fri, 27 Mar 2026 09:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-78 CWE-94

Fri, 27 Mar 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Red Hat Red Hat red Hat Satellite 6
Vendors & Products		Red Hat Red Hat red Hat Satellite 6

Fri, 27 Mar 2026 04:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9
References		https://access.redhat.com/errata/RHSA-2026:5968 https://nvd.nist.gov/vuln/detail/CVE-2026-1961 https://www.cve.org/CVERecord?id=CVE-2026-1961
Metrics	threat_severity `None`	threat_severity `Important`

Thu, 26 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Capsule Redhat satellite Maintenance Redhat satellite Utils
CPEs		cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_utils:6.17::el9
Vendors & Products		Redhat satellite Capsule Redhat satellite Maintenance Redhat satellite Utils
References		https://access.redhat.com/errata/RHSA-2026:5970 https://access.redhat.com/errata/RHSA-2026:5971

Thu, 26 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
Title		Forman: foreman: remote code execution via command injection in websocket proxy
First Time appeared		Redhat Redhat satellite
CPEs		cpe:/a:redhat:satellite:6
Vendors & Products		Redhat Redhat satellite
References		https://access.redhat.com/security/cve/CVE-2026-1961 https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-03-26T12:53:09.566Z

Updated: 2026-04-08T11:23:19.413Z

Reserved: 2026-02-05T10:43:18.671Z

Link: CVE-2026-1961

Vulnrichment

Updated: 2026-03-27T16:18:13.602Z

NVD

Status : Awaiting Analysis

Published: 2026-03-26T13:16:27.650

Modified: 2026-04-08T12:16:20.597

Link: CVE-2026-1961

Redhat

Severity : Important

Publid Date: 2026-03-26T12:30:45Z

Links: CVE-2026-1961 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-29T20:27:54Z

Weaknesses

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1961", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-05T10:43:18.671Z", "datePublished": "2026-03-26T12:53:09.566Z", "dateUpdated": "2026-04-08T11:23:19.413Z"}, "containers": {"cna": {"title": "Forman: foreman: remote code execution via command injection in websocket proxy", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libcomps", "defaultStatus": "affected", "versions": [{"version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-brotli", "defaultStatus": "affected", "versions": [{"version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-django", "defaultStatus": "affected", "versions": [{"version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-container", "defaultStatus": "affected", "versions": [{"version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-rpm", "defaultStatus": "affected", "versions": [{"version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-fog-kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-foreman_kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-katello", "defaultStatus": "affected", "versions": [{"version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-rubyipmi", "defaultStatus": "affected", "versions": [{"version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite", "defaultStatus": "affected", "versions": [{"version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "yggdrasil-worker-forwarder", "defaultStatus": "affected", "versions": [{"version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libcomps", "defaultStatus": "affected", "versions": [{"version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-brotli", "defaultStatus": "affected", "versions": [{"version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-django", "defaultStatus": "affected", "versions": [{"version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-container", "defaultStatus": "affected", "versions": [{"version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-rpm", "defaultStatus": "affected", "versions": [{"version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-fog-kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-foreman_kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-katello", "defaultStatus": "affected", "versions": [{"version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-rubyipmi", "defaultStatus": "affected", "versions": [{"version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite", "defaultStatus": "affected", "versions": [{"version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "yggdrasil-worker-forwarder", "defaultStatus": "affected", "versions": [{"version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.18 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.16.0.12-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.18::el9", "cpe:/a:redhat:satellite:6.18::el9", "cpe:/a:redhat:satellite_utils:6.18::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite-utils:el8/foreman", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5968", "name": "RHSA-2026:5968", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5970", "name": "RHSA-2026:5970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5971", "name": "RHSA-2026:5971", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1961", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036", "name": "RHBZ#2437036", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-26T12:30:45.446Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2026-02-05T10:40:57.141Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-26T12:30:45.446Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T11:23:19.413Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:11:15.689121Z", "id": "CVE-2026-1961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:11:42.162Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-27T16:18:13.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-27T16:18:13.602Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T13:11:15.689121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:11:38.229Z"}}], "cna": {"title": "Forman: foreman: remote code execution via command injection in websocket proxy", "credits": [{"lang": "en", "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.12.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.12.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "libcomps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-brotli", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-django", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-container", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-rpm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-foreman_kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-katello", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-rubyipmi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "satellite", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "yggdrasil-worker-forwarder", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "libcomps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-brotli", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-django", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-container", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-rpm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-foreman_kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-katello", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-rubyipmi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "satellite", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9", "cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "yggdrasil-worker-forwarder", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.18::el9", "cpe:/a:redhat:satellite:6.18::el9", "cpe:/a:redhat:satellite_utils:6.18::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.18 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.16.0.12-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "packageName": "satellite-utils:el8/foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-02-05T10:40:57.141Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-26T12:30:45.446Z", "value": "Made public."}], "datePublic": "2026-03-26T12:30:45.446Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5968", "name": "RHSA-2026:5968", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5970", "name": "RHSA-2026:5970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5971", "name": "RHSA-2026:5971", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1961", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036", "name": "RHBZ#2437036", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-08T11:23:19.413Z"}, "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}}, "cveMetadata": {"cveId": "CVE-2026-1961", "state": "PUBLISHED", "dateUpdated": "2026-04-08T11:23:19.413Z", "dateReserved": "2026-02-05T10:43:18.671Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-26T12:53:09.566Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Foreman. Un atacante remoto podr\u00eda explotar una vulnerabilidad de inyecci\u00f3n de comandos en la implementaci\u00f3n del proxy WebSocket de Foreman. Esta vulnerabilidad surge del uso por parte del sistema de valores de nombre de host no saneados de proveedores de recursos de c\u00f3mputo al construir comandos de shell. Al operar un servidor de recursos de c\u00f3mputo malicioso, un atacante podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo en el servidor de Foreman cuando un usuario accede a la funcionalidad de la consola VNC de una VM. Esto podr\u00eda llevar al compromiso de credenciales sensibles y de toda la infraestructura gestionada."}], "id": "CVE-2026-1961", "lastModified": "2026-04-08T12:16:20.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-03-26T13:16:27.650", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5968"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5970"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5971"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-1961"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Houssam Sahli for reporting this issue.", "affected_release": [{"advisory": "RHSA-2026:5971", "cpe": "cpe:/a:redhat:satellite_utils:6.16::el8", "package": "foreman-0:3.12.0.14-1.el8sat", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5971", "cpe": "cpe:/a:redhat:satellite_utils:6.16::el9", "package": "foreman-0:3.12.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "foreman-0:3.14.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "libcomps-0:0.1.23-0.3.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-brotli-0:1.2.0-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-django-0:4.2.28-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-pulp-container-0:2.22.3-1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-pulp-rpm-0:3.27.10-2.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-fog-kubevirt-0:1.5.1-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-katello-0:4.16.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-rubyipmi-0:0.13.0-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "satellite-0:6.17.7-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "foreman-0:3.14.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "libcomps-0:0.1.23-0.3.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-brotli-0:1.2.0-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-django-0:4.2.28-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-pulp-container-0:2.22.3-1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-pulp-rpm-0:3.27.10-2.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-fog-kubevirt-0:1.5.1-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-katello-0:4.16.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-rubyipmi-0:0.13.0-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "satellite-0:6.17.7-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5968", "cpe": "cpe:/a:redhat:satellite_utils:6.18::el9", "package": "foreman-0:3.16.0.12-1.el9sat", "product_name": "Red Hat Satellite 6.18 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}], "bugzilla": {"description": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy", "id": "2437036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."], "name": "CVE-2026-1961", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-utils:el8/foreman", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-03-26T12:30:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1961\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1961"], "statement": "This issue was rated as Important. Command injection vulnerability in Foreman's WebSocket proxy. Exploitation occurs when an administrator configures a malicious compute resource server and subsequently accesses its VM console functionality. Successful exploitation can lead to remote code execution on the Foreman server, potentially compromising sensitive credentials and the entire managed infrastructure.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Red Hat Satellite 6", "source": "cna", "vendor": "Red Hat"}, "product": "red_hat_satellite_6", "vendor": "red_hat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "original": {"product": "Red Hat Satellite 6", "source": "cna", "vendor": "Red Hat"}, "product": "satellite", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-03-27T21:21:26.445102+00:00", "value": {"mitigation_remediation": ["Apply the Red\u00a0Hat errata RHSA\u20112026:5968, RHSA\u20112026:5970, and RHSA\u20112026:5971 to update all affected Satellite products to the patched versions.", "Verify that the Satellite server is running the most recent 6.x release for your platform (RHEL\u00a08 or RHEL\u00a09).", "Restrict the list of compute resource providers or ensure hostnames are validated and sanitized before being used by the WebSocket proxy.", "Limit external access to the VNC console functionality for administrators until a patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Red Hat Satellite (versions 6, 6.16, 6.17, 6.18) running on RHEL 8 or 9, including Satellite Capsule, Satellite Maintenance, and Satellite Utils components. These products are listed by the CNA and affect multiple minor releases in both RHEL 8 and RHEL 9 distributions.", "description_and_impact": "An attacker can achieve remote code execution by exploiting an unsanitized hostname in Foreman's WebSocket proxy, which is used when building shell commands. The flaw allows injection of arbitrary shell commands if the attacker can control the hostname returned by a compute resource provider. Successful exploitation could compromise credentials stored on the system and ultimately control the entire managed infrastructure.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8 and an EPSS score below 1%, indicating low current exploitation probability. It is not listed in the CISA KEV catalog. A likely attack vector involves an attacker operating a malicious compute resource, providing a hostname that is used by Foreman's proxy. When an authenticated user accesses VNC console functionality, the unsanitized hostname is incorporated into a shell command, allowing arbitrary code execution. Because the flaw requires control over a compute resource, initial access may be limited, but the impact of successful exploitation is severe."}}}}, "created": "2026-03-27T08:35:50.699223+00:00", "updated": "2026-03-29T20:27:54.634236+00:00", "vendors": ["red_hat", "red_hat$PRODUCT$red_hat_satellite_6", "redhat", "redhat$PRODUCT$satellite"], "weaknesses": ["CWE-78"]}