CVE-2026-5135
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | 0:3.12.0.17-1.el8sat < * | unaffected |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | 0:3.12.0.17-1.el9sat < * | unaffected |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:3.14.0.17-1.el9sat < * | unaffected |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | 0:3.16.0.17-1.el9sat < * | unaffected |
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 | 0:3.18.0.7-1.el9sat < * | unaffected |
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:34365
- https://access.redhat.com/errata/RHSA-2026:34366
- https://access.redhat.com/errata/RHSA-2026:34367
- https://access.redhat.com/errata/RHSA-2026:34368
- https://access.redhat.com/security/cve/CVE-2026-5135
- https://bugzilla.redhat.com/show_bug.cgi?id=2452230
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.