{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1961", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-05T10:43:18.671Z", "datePublished": "2026-03-26T12:53:09.566Z", "dateUpdated": "2026-03-27T16:18:13.602Z"}, "containers": {"cna": {"title": "Forman: foreman: remote code execution via command injection in websocket proxy", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libcomps", "defaultStatus": "affected", "versions": [{"version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-brotli", "defaultStatus": "affected", "versions": [{"version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-django", "defaultStatus": "affected", "versions": [{"version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-container", "defaultStatus": "affected", "versions": [{"version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-rpm", "defaultStatus": "affected", "versions": [{"version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-fog-kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-foreman_kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-katello", "defaultStatus": "affected", "versions": [{"version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-rubyipmi", "defaultStatus": "affected", "versions": [{"version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite", "defaultStatus": "affected", "versions": [{"version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "yggdrasil-worker-forwarder", "defaultStatus": "affected", "versions": [{"version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libcomps", "defaultStatus": "affected", "versions": [{"version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-brotli", "defaultStatus": "affected", "versions": [{"version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-django", "defaultStatus": "affected", "versions": [{"version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-container", "defaultStatus": "affected", "versions": [{"version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-pulp-rpm", "defaultStatus": "affected", "versions": [{"version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-fog-kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-foreman_kubevirt", "defaultStatus": "affected", "versions": [{"version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-katello", "defaultStatus": "affected", "versions": [{"version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-rubyipmi", "defaultStatus": "affected", "versions": [{"version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite", "defaultStatus": "affected", "versions": [{"version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "yggdrasil-worker-forwarder", "defaultStatus": "affected", "versions": [{"version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.18 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.16.0.12-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.18::el9", "cpe:/a:redhat:satellite:6.18::el9", "cpe:/a:redhat:satellite_capsule:6.18::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite-utils:el8/foreman", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5968", "name": "RHSA-2026:5968", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5970", "name": "RHSA-2026:5970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5971", "name": "RHSA-2026:5971", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1961", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036", "name": "RHBZ#2437036", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-26T12:30:45.446Z", "timeline": [{"lang": "en", "time": "2026-02-05T10:40:57.141Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-26T12:30:45.446Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-26T23:00:16.222Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:11:15.689121Z", "id": "CVE-2026-1961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:11:42.162Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-27T16:18:13.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T13:11:15.689121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:11:38.229Z"}}], "cna": {"title": "Forman: foreman: remote code execution via command injection in websocket proxy", "credits": [{"lang": "en", "value": "Red Hat would like to thank Houssam Sahli for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.12.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.12.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "libcomps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-brotli", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-django", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-container", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-rpm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-foreman_kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-katello", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-rubyipmi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "satellite", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "yggdrasil-worker-forwarder", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.14.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.1.23-0.3.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "libcomps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.2.0-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-brotli", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.2.28-0.1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-django", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.22.3-1.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-container", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.27.10-2.el9pc", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-pulp-rpm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.4.3-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-foreman_kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.16.0.14-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-katello", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.13.0-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-rubyipmi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:6.17.7-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "satellite", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.17::el9", "cpe:/a:redhat:satellite:6.17::el9", "cpe:/a:redhat:satellite_maintenance:6.17::el9", "cpe:/a:redhat:satellite_utils:6.17::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.17 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:0.0.3-4.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "yggdrasil-worker-forwarder", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.18::el9", "cpe:/a:redhat:satellite:6.18::el9", "cpe:/a:redhat:satellite_capsule:6.18::el9"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.18 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.16.0.12-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "packageName": "satellite-utils:el8/foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-02-05T10:40:57.141Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-26T12:30:45.446Z", "value": "Made public."}], "datePublic": "2026-03-26T12:30:45.446Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5968", "name": "RHSA-2026:5968", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5970", "name": "RHSA-2026:5970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5971", "name": "RHSA-2026:5971", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1961", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036", "name": "RHBZ#2437036", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-26T23:00:16.222Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1961", "state": "PUBLISHED", "dateUpdated": "2026-03-26T23:00:16.222Z", "dateReserved": "2026-02-05T10:43:18.671Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-26T12:53:09.566Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Foreman. Un atacante remoto podr\u00eda explotar una vulnerabilidad de inyecci\u00f3n de comandos en la implementaci\u00f3n del proxy WebSocket de Foreman. Esta vulnerabilidad surge del uso por parte del sistema de valores de nombre de host no saneados de proveedores de recursos de c\u00f3mputo al construir comandos de shell. Al operar un servidor de recursos de c\u00f3mputo malicioso, un atacante podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo en el servidor de Foreman cuando un usuario accede a la funcionalidad de la consola VNC de una VM. Esto podr\u00eda llevar al compromiso de credenciales sensibles y de toda la infraestructura gestionada."}], "id": "CVE-2026-1961", "lastModified": "2026-03-27T17:16:27.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T13:16:27.650", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:5968"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:5970"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:5971"}, {"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2026-1961"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/03/27/3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

{"acknowledgement": "Red Hat would like to thank Houssam Sahli for reporting this issue.", "affected_release": [{"advisory": "RHSA-2026:5971", "cpe": "cpe:/a:redhat:satellite_utils:6.16::el8", "package": "foreman-0:3.12.0.14-1.el8sat", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5971", "cpe": "cpe:/a:redhat:satellite_utils:6.16::el9", "package": "foreman-0:3.12.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "foreman-0:3.14.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "libcomps-0:0.1.23-0.3.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-brotli-0:1.2.0-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-django-0:4.2.28-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-pulp-container-0:2.22.3-1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "python-pulp-rpm-0:3.27.10-2.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-fog-kubevirt-0:1.5.1-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-katello-0:4.16.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "rubygem-rubyipmi-0:0.13.0-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "satellite-0:6.17.7-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_maintenance:6.17::el9", "package": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "foreman-0:3.14.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "libcomps-0:0.1.23-0.3.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-brotli-0:1.2.0-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-django-0:4.2.28-0.1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-pulp-container-0:2.22.3-1.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "python-pulp-rpm-0:3.27.10-2.el9pc", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-fog-kubevirt-0:1.5.1-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-katello-0:4.16.0.14-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "rubygem-rubyipmi-0:0.13.0-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "satellite-0:6.17.7-1.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5970", "cpe": "cpe:/a:redhat:satellite_utils:6.17::el9", "package": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat", "product_name": "Red Hat Satellite 6.17 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}, {"advisory": "RHSA-2026:5968", "cpe": "cpe:/a:redhat:satellite_utils:6.18::el9", "package": "foreman-0:3.16.0.12-1.el9sat", "product_name": "Red Hat Satellite 6.18 for RHEL 9", "release_date": "2026-03-26T00:00:00Z"}], "bugzilla": {"description": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy", "id": "2437036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure."], "name": "CVE-2026-1961", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-utils:el8/foreman", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-03-26T12:30:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1961\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1961"], "statement": "This issue was rated as Important. Command injection vulnerability in Foreman's WebSocket proxy. Exploitation occurs when an administrator configures a malicious compute resource server and subsequently accesses its VM console functionality. Successful exploitation can lead to remote code execution on the Foreman server, potentially compromising sensitive credentials and the entire managed infrastructure.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Red Hat Satellite 6", "source": "cna", "vendor": "Red Hat"}, "product": "red_hat_satellite_6", "vendor": "red_hat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "original": {"product": "Red Hat Satellite 6", "source": "cna", "vendor": "Red Hat"}, "product": "satellite", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-03-27T10:22:29.762092+00:00", "value": {"mitigation_remediation": ["Install the Red\u00a0Hat\u00a0Satellite\u00a06 and related component patch releases available under RHSA\u20112026:5968, RHSA\u20112026:5970, and RHSA\u20112026:5971.", "After the packages are updated, restart the Foreman web server, the WebSocket proxy, and any Satellite management services.", "Verify the patch has been applied by checking the package versions or consulting the RHSA errata documentation.", "If an immediate patch is not possible, isolate or remove any untrusted compute resource providers and restrict VNC console access to authorized users.", "Continuously monitor the WebSocket and VNC console logs for unexpected connections and command execution attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected products are Red\u00a0Hat Satellite\u00a06 and its related components\u2014including Satellite Capsule, Satellite Maintenance, and Satellite Utils\u2014across versions 6.16, 6.17, and 6.18 for RHEL\u202f8 and RHEL\u202f9. The specific versions included in the CNA list are 6, 6.16 (el8/el9), 6.17 (el9), and 6.18 (el9), together with the capsule, maintenance, and utils packages for the same releases.", "description_and_impact": "The vulnerability is a command\u2011injection flaw in Foreman\u2019s WebSocket proxy. The host name supplied by compute resource providers is placed directly into shell commands without sanitization. When an attacker controls a compute resource server, the malicious host name is used in a command that the Foreman server executes. This gives the attacker arbitrary shell\u2011command execution on the Foreman host whenever a user opens a VNC console, allowing full compromise of credentials and the infrastructure managed by the server.", "risk_and_exploitability": "The flaw scores a CVSS score of 8, indicating high severity, but EPSS data is missing and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring an attacker to set up a malicious compute resource that serves an unsanitized host name; a user must thereafter access the VNC console, which triggers the vulnerable WebSocket proxy. Because the injected command runs on the Foreman server, the impact is full remote code execution, compromising all managed hosts."}}}}, "created": "2026-03-27T08:35:50.699223+00:00", "updated": "2026-03-27T15:47:35.573980+00:00", "vendors": ["red_hat", "red_hat$PRODUCT$red_hat_satellite_6", "redhat", "redhat$PRODUCT$satellite"]}