CVE-2026-5135
MEDIUM 6.5 (CVSS 3.1)
Description
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
Metadata
Severity & Metrics: 6.5 MEDIUM (CVSS 3.1), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products (6)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6 | — | — |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | — | 0:3.12.0.17-1.el8sat < * |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | — | 0:3.12.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | — | 0:3.14.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | — | 0:3.16.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 | — | 0:3.18.0.7-1.el9sat < * |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-639 | cna | Authorization Bypass Through User-Controlled Key |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (6)
- RHSA-2026:34365 https://access.redhat.com/errata/RHSA-2026:34365
- RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366
- RHSA-2026:34367 https://access.redhat.com/errata/RHSA-2026:34367
- RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368
- Red Hat CVE page https://access.redhat.com/security/cve/CVE-2026-5135
- RHBZ#2452230 https://bugzilla.redhat.com/show_bug.cgi?id=2452230