Description
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Published: 2026-02-27
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw was discovered in the rubyipmi gem that underpins the Baseboard Management Controller component of Red Hat Satellite. An attacker who can authenticate with host‑creation or host‑update privileges can craft a specially crafted BMC username that triggers the vulnerability. The result is remote code execution on the affected system, giving the attacker the ability to run arbitrary commands as the BMC process. This vulnerability is a case of operating‑system command injection (CWE‑78).

Affected Systems

Red Hat Satellite 6 and its sub‑versions 6.16, 6.17, and 6.18 for RHEL 8 and RHEL 9, as well as the Satellite capsule, maintenance, and utilities packages that rely on rubyipmi. The affected CPEs indicate that any component built with rubyipmi in the specified versions is vulnerable.

Risk and Exploitability

The CVSS score is 8.3, indicating a severe risk level. The EPSS score is reported as <1 %, meaning real‑world exploitation is currently considered unlikely but not impossible. The vulnerability is not listed in the CISA KEV catalog. Because exploitation requires authenticated host permissions, the attack vector is most likely internal or by an attacker who gains the ability to create or update host definitions. The resulting impact is compromise of the host on which the BMC process runs, potentially affecting the entire satellite‑managed infrastructure.

Generated by OpenCVE AI on April 16, 2026 at 15:30 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Apply the Red Hat Satellite errata updates RHSA‑2026:5968, RHSA‑2026:5970, and RHSA‑2026:5971 to upgrade rubyipmi to the fixed version.
  • Restrict or remove host‑creation and host‑update permissions from untrusted users to reduce the attack surface.
  • Audit BMC authentication logs for suspicious username patterns and monitor for unexpected command execution.
  • No effective workaround is available; rely on applying the official patch and following the above mitigations.

Generated by OpenCVE AI on April 16, 2026 at 15:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-hfcp-477w-3wjw rubyipmi is vulnerable to OS Command Injection through malicious usernames
History

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:satellite:6.18::el9
cpe:/a:redhat:satellite_capsule:6.18::el9
cpe:/a:redhat:satellite_utils:6.18::el9
References

Thu, 26 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Capsule
Redhat satellite Maintenance
Redhat satellite Utils
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite:6.17::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
cpe:/a:redhat:satellite_capsule:6.17::el9
cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite_maintenance:6.17::el9
cpe:/a:redhat:satellite_utils:6.16::el8
cpe:/a:redhat:satellite_utils:6.16::el9
cpe:/a:redhat:satellite_utils:6.17::el9
Vendors & Products Redhat satellite Capsule
Redhat satellite Maintenance
Redhat satellite Utils
References

Fri, 06 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Logicminds
Logicminds rubyipmi
CPEs cpe:2.3:a:logicminds:rubyipmi:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
Vendors & Products Logicminds
Logicminds rubyipmi

Fri, 27 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Red Hat
Red Hat red Hat Satellite 6
Vendors & Products Red Hat
Red Hat red Hat Satellite 6

Fri, 27 Feb 2026 08:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Title Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username
First Time appeared Redhat
Redhat satellite
Weaknesses CWE-78
CPEs cpe:/a:redhat:satellite:6
Vendors & Products Redhat
Redhat satellite
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Logicminds Rubyipmi
Red Hat Red Hat Satellite 6
Redhat Satellite Satellite Capsule Satellite Maintenance Satellite Utils
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-26T23:10:23.847Z

Reserved: 2026-01-15T08:53:56.962Z

Link: CVE-2026-0980

cve-icon Vulnrichment

Updated: 2026-03-06T18:48:57.445Z

cve-icon NVD

Status : Modified

Published: 2026-02-27T08:17:09.647

Modified: 2026-03-27T00:16:21.087

Link: CVE-2026-0980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:45:16Z

Weaknesses