CVE-2026-1530

Summary

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Satellite 6.16 for RHEL 80:1.5.1-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.16 for RHEL 90:1.5.1-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:3.14.0.14-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.1.23-0.3.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:1.2.0-0.1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:4.2.28-0.1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:2.22.3-1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:3.27.10-2.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:1.5.1-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.4.3-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:4.16.0.14-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.13.0-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:6.17.7-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.0.3-4.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:3.14.0.14-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.1.23-0.3.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:1.2.0-0.1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:4.2.28-0.1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:2.22.3-1.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:3.27.10-2.el9pc < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:1.5.1-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.4.3-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:4.16.0.14-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.13.0-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:6.17.7-1.el9sat < *unaffected
Red HatRed Hat Satellite 6.17 for RHEL 90:0.0.3-4.el9sat < *unaffected

Weaknesses

  • CWE-295: Improper Certificate Validation

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation

Additional References

References