CVE-2026-5136
HIGH 8.8 (CVSS 3.1)
Description
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
Metadata
Severity & Metrics
8.8 HIGH (CVSS 3.1): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products (6)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6 | — | — |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | — | 0:3.12.0.17-1.el8sat < * |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | — | 0:3.12.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | — | 0:3.14.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | — | 0:3.16.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 | — | 0:3.18.0.7-1.el9sat < * |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-266 | cna | Incorrect Privilege Assignment |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.8 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (6)
- RHSA-2026:34365 https://access.redhat.com/errata/RHSA-2026:34365
- RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366
- RHSA-2026:34367 https://access.redhat.com/errata/RHSA-2026:34367
- RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368
- https://access.redhat.com/security/cve/CVE-2026-5136
- RHBZ#2452970 https://bugzilla.redhat.com/show_bug.cgi?id=2452970