Description
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
Published: 2026-07-01
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Foreman, identified as CVE-2026-5135, involves broken access control that permits an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host by modifying the match field through nested host attributes. The flaw bypasses authorization checks, enabling the attacker to modify managed host configurations beyond their usual scope and across different organizational and location boundaries. The weakness is classified as CWE-639 (Authorization Bypass Through User-Controlled Key), since the user-supplied match field selects the target host without an authorization check on that host.

Affected Systems

The vulnerability affects Red Hat Satellite 6 deployments. All installations of Red Hat Satellite 6 are potentially impacted, as the issue resides in the Foreman component used to manage host configurations. No specific patch level or version is listed, so administrators should check for available updates through the Red Hat Customer Portal or equivalent channels.

Risk and Exploitability

The CVSS v3.1 score of 6.5 signifies medium severity, the EPSS score is not available, and the vulnerability is not listed in the current CISA KEV catalog. The attack requires an authenticated session with host-edit privilege, so the threat comes from an existing user or from credentials obtained through compromise or social engineering. Because the flaw allows host configurations to be altered across organization and location boundaries, the potential damage includes misconfiguration, service disruption, and policy violations, a notable risk for organizations that rely on strict separation between environments.

Generated by OpenCVE AI on July 1, 2026 at 19:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Red Hat Customer Portal or subscribe to the Red Hat Satellite security advisory feed for any patches addressing CVE‑2026‑5135 and apply them as soon as they are released.
  • Implement role‑based access control so that only trusted users have host‑edit permissions, and review logging and auditing of host lookup overrides and monitor for unauthorized changes across organizational or location boundaries.
  • Apply network segmentation and additional isolation between environments to limit the impact of any unauthorized configuration changes.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 20:00:00 +0000

Values removed: none
Values added:
First Time appeared: Redhat satellite Capsule; Redhat satellite Maintenance; Redhat satellite Utils
CPEs:
  • cpe:/a:redhat:satellite:6.16::el8
  • cpe:/a:redhat:satellite:6.16::el9
  • cpe:/a:redhat:satellite:6.18::el9
  • cpe:/a:redhat:satellite_capsule:6.16::el8
  • cpe:/a:redhat:satellite_capsule:6.16::el9
  • cpe:/a:redhat:satellite_capsule:6.18::el9
  • cpe:/a:redhat:satellite_maintenance:6.16::el8
  • cpe:/a:redhat:satellite_maintenance:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.16::el8
  • cpe:/a:redhat:satellite_utils:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.18::el9
Vendors & Products: Redhat satellite Capsule; Redhat satellite Maintenance; Redhat satellite Utils
References: (none listed)

Wed, 01 Jul 2026 15:30:00 +0000

Values removed: none
Values added:
Metrics: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 14:30:00 +0000

Values removed: none
Values added:
Description: A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
Title: Foreman: foreman: unauthorized modification of host configurations via broken access control
First Time appeared: Redhat; Redhat satellite
Weaknesses: CWE-639
CPEs: cpe:/a:redhat:satellite:6
Vendors & Products: Redhat; Redhat satellite
References: (none listed)
Metrics: cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-01T19:40:47.169Z

Reserved: 2026-03-30T10:42:55.307Z

Link: CVE-2026-5135

Vulnrichment

Updated: 2026-07-01T14:52:31.307Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T20:00:06Z

Weaknesses
  • CWE-639: Authorization Bypass Through User-Controlled Key