CVE-2026-5138
Foreman: foreman: information disclosure via improper validation of nested request parameters
| CVSS Score | 4.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
| CWE | CWE-639 |
| Vendor | Red Hat |
| Product | Red Hat Satellite 6 |
| Published | Jul 1, 2026 |
| Last Updated | Jul 1, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
Affected Versions
| Red Hat / Red Hat Satellite 6 | All versions affected |
Credits
Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.