CVE-2026-5135 PUBLISHED

Foreman: foreman: unauthorized modification of host configurations via broken access control

Assigner: redhat
Reserved: 30.03.2026 Published: 01.07.2026 Updated: 01.07.2026

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 6.5

Product Status

Vendor Red Hat
Product Red Hat Satellite 6
Versions Default: affected
Vendor Red Hat
Product Red Hat Satellite 6
Versions Default: affected

Credits

  • Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

References

Problem Types

  • Authorization Bypass Through User-Controlled Key CWE