Description
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
Published: 2026-03-17
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and potential information disclosure via SQL injection
Action: Apply Patch
AI Analysis

Impact

The Katello plugin for Red Hat Satellite does not properly sanitize the sort_by parameter of the /api/hosts/bootc_images API endpoint before it reaches the database query (CWE-89). A sort parameter typically ends up in the ORDER BY clause, so an attacker who can call the endpoint can place arbitrary SQL there. An injected expression that raises a database error makes the request fail, which is the denial-of-service component; an injected conditional expression whose effect on the result depends on whether a guessed condition is true lets the attacker learn about one bit per request about the database contents, which is Boolean-based blind SQL injection and may reveal sensitive data.

Affected Systems

Red Hat Satellite 6. The CPEs recorded so far cover the 6.17 and 6.18 builds for RHEL 9 (el9) of Satellite itself and of the Satellite Capsule, Satellite Maintenance, and Satellite Utils components at those same versions.

Risk and Exploitability

The CVSS 3.1 score of 5.4 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) is Medium severity; Red Hat rates the issue Moderate. The attack is network-reachable with low complexity and no user interaction, but the PR:L component means the attacker needs a valid, low-privileged Satellite account or API credential, so this is not an unauthenticated issue. The EPSS score of less than 1 % suggests that exploitation is unlikely to be widespread, the vulnerability is not listed in CISA's KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no. The attack vector is an API request to /api/hosts/bootc_images carrying a crafted sort_by value. An injected expression that raises a database error makes the request fail (the A:L availability impact); an injected conditional expression that changes the query's result or ordering depending on whether a guessed condition holds lets the attacker extract data one bit at a time (Boolean-based blind, the C:L confidentiality impact), and this works even when database error messages are not returned to the client.

Generated by OpenCVE AI on March 27, 2026 at 06:39 UTC.
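The mechanism described above, as an added illustration that is not Katello's code (the page does not show the vulnerable code path): a Ruby sketch of how a sort parameter concatenated into the ORDER BY clause becomes injectable, next to an allowlist that closes it. The table and column names (hosts, id, name, created_at, updated_at) and the two payload shapes are assumptions made for the example.

```ruby
# Added example, not Katello source: an ORDER BY built from a raw sort_by
# parameter versus an allowlisted one. Table and column names are assumed.
SORTABLE_COLUMNS = %w[id name created_at updated_at].freeze # assumed columns
DIRECTIONS       = %w[asc desc].freeze

# Vulnerable pattern (CWE-89): the caller-controlled string is pasted into
# SQL text. ORDER BY takes identifiers and expressions, not bound values,
# so a prepared statement cannot protect this spot; only validation can.
def unsafe_order_sql(sort_by)
  "SELECT id, name FROM hosts ORDER BY #{sort_by}"
end

# Hardened pattern: accept exactly "<column>" or "<column> <asc|desc>",
# where both parts come from fixed allowlists, and reject everything else.
def safe_order_sql(sort_by)
  column, direction = sort_by.to_s.strip.split(/\s+/, 2)
  direction = (direction || 'asc').downcase
  unless SORTABLE_COLUMNS.include?(column) && DIRECTIONS.include?(direction)
    raise ArgumentError, "invalid sort_by: #{sort_by.inspect}"
  end
  "SELECT id, name FROM hosts ORDER BY #{column} #{direction.upcase}"
end

# Two illustrative payload shapes (assumed, PostgreSQL-style):
#  - a conditional that sorts by id or by -id depending on a condition; the
#    attacker swaps "(1=1)" for a guess about the data and reads the answer
#    from the row order (Boolean-based blind extraction);
#  - an expression that raises a database error, so the request fails
#    (the denial-of-service component).
BLIND_PAYLOAD = '(CASE WHEN (1=1) THEN id ELSE -id END)'
ERROR_PAYLOAD = 'name, 1/0'

if $PROGRAM_NAME == __FILE__
  puts unsafe_order_sql(BLIND_PAYLOAD)   # SQL now contains attacker logic
  puts safe_order_sql('name desc')       # accepted
  begin
    safe_order_sql(ERROR_PAYLOAD)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The design point is that ORDER BY cannot be parameterised: the column and direction are part of the statement text, so the only robust fix is to map the user's value onto a fixed set of known identifiers before it is ever interpolated.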

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the Red Hat errata RHSA-2026:5968 and RHSA-2026:5970 to update the Katello plugin.
  • Confirm that the patch has been installed: the rubygem-katello package version on the Satellite server and its Capsules should match the one shipped in the errata, and the Satellite services should have been restarted on the updated version.
  • Reduce exposure of the /api/hosts/bootc_images endpoint: the CVSS vector (PR:L) means an authenticated account is needed, so restrict network access to the API to trusted administrators where possible and review which accounts and API tokens can reach it.
  • Monitor Satellite web-server and application logs for requests to /api/hosts/bootc_images whose sort_by value is anything other than a plain column name with an optional asc/desc, and for HTTP 500 responses or database errors on that endpoint, which may indicate injection attempts.

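One way to act on the monitoring recommendation above, as an added example that is not OpenCVE's or Red Hat's tooling: a Ruby scan over web-server access-log lines that flags requests to /api/hosts/bootc_images whose sort_by is not a plain column name with an optional asc/desc, and HTTP 5xx responses on that endpoint. The log lines are constructed for the example; the Apache/NGINX combined log format and the benign shape of sort_by are assumptions, so check the actual Satellite log format before relying on this.

```ruby
# Added example (not Satellite or OpenCVE tooling): flag suspicious sort_by
# values and server errors on the vulnerable endpoint in access-log lines.
require 'uri'

ENDPOINT    = '/api/hosts/bootc_images'
# Assumed benign shape for sort_by: a column name with optional direction.
BENIGN_SORT = /\A[a-z_]+(\s+(asc|desc))?\z/i
# Apache/NGINX "combined" request line (assumed format for the example).
LOG_LINE    = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<target>\S+) \S+" (?<status>\d{3}) /

# Returns a finding hash for one log line, or nil if the line is not a
# request to ENDPOINT or shows nothing suspicious.
def analyze_request(line)
  m = LOG_LINE.match(line)
  return nil unless m
  begin
    uri = URI.parse(m[:target])
  rescue URI::InvalidURIError
    return nil
  end
  return nil unless uri.path == ENDPOINT

  params  = URI.decode_www_form(uri.query.to_s).to_h
  sort_by = params['sort_by']
  reasons = []
  reasons << :suspicious_sort_by if sort_by && sort_by !~ BENIGN_SORT
  reasons << :server_error       if m[:status].start_with?('5')
  return nil if reasons.empty?

  { ip: m[:ip], time: m[:time], status: m[:status].to_i,
    sort_by: sort_by, reasons: reasons }
end

def scan_log(lines)
  lines.map { |line| analyze_request(line) }.compact
end

# Constructed sample lines: one benign sort, one conditional-expression
# probe, one error-triggering probe that produced a 500, one unrelated call.
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  10.0.0.5 - - [17/Mar/2026:13:20:01 +0000] "GET /api/hosts/bootc_images?sort_by=name%20desc HTTP/1.1" 200 1482
  10.0.0.9 - - [17/Mar/2026:13:20:07 +0000] "GET /api/hosts/bootc_images?sort_by=%28CASE%20WHEN%20%281%3D1%29%20THEN%20id%20ELSE%20-id%20END%29 HTTP/1.1" 200 1482
  10.0.0.9 - - [17/Mar/2026:13:20:09 +0000] "GET /api/hosts/bootc_images?sort_by=name%2C1%2F0 HTTP/1.1" 500 212
  10.0.0.5 - - [17/Mar/2026:13:21:00 +0000] "GET /api/hosts?search=os%3Drhel HTTP/1.1" 200 9300
LOG

if $PROGRAM_NAME == __FILE__
  scan_log(SAMPLE_LOG).each { |finding| puts finding.inspect }
end
```

The allowlist regex is deliberately strict rather than a blocklist of SQL keywords: anything that is not a column name plus an optional direction is worth a look, and a 500 on this endpoint is a second, independent signal because the DoS variant works by making the database raise an error.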

Advisories
Source: GitHub GHSA
ID: GHSA-fwj4-6wgp-mpxm
Title: Katello: Denial of Service and potential information disclosure via SQL injection
History

Fri, 27 Mar 2026 04:00:00 +0000

CPEs added: cpe:/a:redhat:satellite:6.18::el9, cpe:/a:redhat:satellite_capsule:6.18::el9, cpe:/a:redhat:satellite_utils:6.18::el9
References: changed (values not shown on the page)

Thu, 26 Mar 2026 21:00:00 +0000

First time appeared: Redhat satellite Capsule, Redhat satellite Maintenance, Redhat satellite Utils
CPEs added: cpe:/a:redhat:satellite:6.17::el9, cpe:/a:redhat:satellite_capsule:6.17::el9, cpe:/a:redhat:satellite_maintenance:6.17::el9, cpe:/a:redhat:satellite_utils:6.17::el9
Vendors & Products added: Redhat satellite Capsule, Redhat satellite Maintenance, Redhat satellite Utils
References: changed (values not shown on the page)

Wed, 18 Mar 2026 00:15:00 +0000

References: changed (values not shown on the page)
Metrics threat_severity: None -> Moderate

Tue, 17 Mar 2026 15:15:00 +0000

Metrics ssvc added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 14:15:00 +0000

Description added: the text given in the Description section above
Title added: Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
First time appeared: Redhat, Redhat satellite
Weaknesses added: CWE-89
CPEs added: cpe:/a:redhat:satellite:6
Vendors & Products added: Redhat, Redhat satellite
References: changed (values not shown on the page)
Metrics cvssV3_1 added: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-26T23:10:28.361Z

Reserved: 2026-03-17T12:30:29.903Z

Link: CVE-2026-4324

Vulnrichment

Updated: 2026-03-17T14:26:54.303Z

NVD

Status: Awaiting Analysis

Published: 2026-03-17T14:16:19.777

Modified: 2026-03-27T00:16:23.800

Link: CVE-2026-4324

Redhat

Severity: Moderate

Public Date: 2026-03-17T13:18:00Z

Links: CVE-2026-4324 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T08:42:17Z

Weaknesses