Description
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
Published: 2026-06-23
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the foreman-mcp-server component allows an attacker to hijack active administrative sessions. The server improperly caches authenticated client connections, trusts a non-secret session identifier, and logs all new session IDs to standard logs. This defect can lead to privilege escalation and potentially code execution across the managed infrastructure. The weakness corresponds to CWE-287: Improper Authentication.
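To make the defect class concrete, the following is an added illustration, not code from foreman-mcp-server: a session cache that honours a session ID alone beside one that re-validates the bearer credential on every request and writes only a fingerprint of the ID to logs. The token store, principal names and session layout are constructed assumptions.

```python
import hashlib
import logging
import secrets

log = logging.getLogger("mcp-session-demo")

# Constructed bearer-token store (placeholder values): token -> principal.
TOKENS = {"tok-admin-CONSTRUCTED": "admin", "tok-viewer-CONSTRUCTED": "viewer"}


def redact(session_id: str) -> str:
    """Fingerprint for logs: correlates events without exposing the ID itself."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


class WeakSessionCache:
    """Defect pattern: session ID alone selects a cached principal; ID is logged."""
    def __init__(self):
        self.sessions = {}  # session_id -> principal, trusted forever after

    def initialize(self, token):
        principal = TOKENS[token]  # authenticated once, at session creation only
        sid = secrets.token_hex(8)
        self.sessions[sid] = principal
        log.info("new session %s for %s", sid, principal)  # writes the raw ID to logs
        return sid

    def handle(self, session_id, token=None):
        return self.sessions.get(session_id)  # the token is never looked at again


class HardenedSessionCache:
    """Fix: session is only a binding; each request must carry a valid credential."""
    def __init__(self):
        self.sessions = {}

    def initialize(self, token):
        principal = TOKENS.get(token)
        if principal is None:
            return None  # refuse to create a session without a valid credential
        sid = secrets.token_hex(16)
        self.sessions[sid] = principal
        log.info("new session %s for %s", redact(sid), principal)  # fingerprint only
        return sid

    def handle(self, session_id, token=None):
        bound = self.sessions.get(session_id)
        current = TOKENS.get(token)  # re-validate the credential on every request
        if bound is None or current is None or current != bound:
            return None  # unknown session, missing/invalid token, or wrong principal
        return bound
```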

Affected Systems

Red Hat Satellite 6 is affected. The vulnerability exists specifically within the foreman-mcp-server service bundled with this distribution.

Risk and Exploitability

The CVSS score of 7.8 marks the issue as high severity. EPSS data are not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote, unauthenticated user sending requests containing a legitimate session ID that they obtain from logs or other sources. Once the session is hijacked, the attacker gains elevated privileges and can execute code throughout the managed network. No practical interim workaround has been identified; the recommended response is to update to the patched package as soon as it becomes available.

Generated by OpenCVE AI on June 24, 2026 at 02:55 UTC.

Remediation

Vendor Workaround

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.


OpenCVE Recommended Actions

  • Apply the latest Red Hat Satellite 6 update that includes the fix for foreman-mcp-server.
  • Follow Red Hat’s guidance and install the update as soon as possible; no interim practical workaround has been identified.
  • Restrict write access to the standard log files that store session identifiers to minimize leakage of session IDs.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
CPEs | cpe:/a:redhat:satellite:6 | cpe:/a:redhat:satellite:6.19::el9
References | |

Wed, 24 Jun 2026 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Important

Tue, 23 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
Title | | Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
First Time appeared | | Redhat, Redhat satellite
Weaknesses | | CWE-287
CPEs | | cpe:/a:redhat:satellite:6
Vendors & Products | | Redhat, Redhat satellite
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-24T01:41:36.307Z

Reserved: 2026-06-12T14:41:26.279Z

Link: CVE-2026-12112

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Important

Public Date: 2026-06-23T14:31:23Z

Links: CVE-2026-12112 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-24T03:00:14Z

Weaknesses