CVE-2026-13316 PUBLISHED

Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config

Assigner: redhat
Reserved: 25.06.2026 Published: 30.06.2026 Updated: 30.06.2026

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Satellite 6
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Satellite 6
Versions	Default: affected

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Problem Types

Server-Side Request Forgery (SSRF) CWE