HarborGuard / CVE
Back to search
HIGHCVE-2026-1961Published Modified CNA redhat

CVE-2026-1961: Forman: foreman: remote code execution via command injection in websocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

Metrics

CVSS v3.1
8.0
Severity
HIGH
Fixed in
0:0.0.3-4.el9sat
Affected Products
28

Fix available

0:0.0.3-4.el9sat0:0.1.23-0.3.el9pc0:0.4.3-1.el9sat0:0.13.0-1.el9sat0:1.2.0-0.1.el9pc0:1.5.1-1.el9sat0:2.22.3-1.el9pc0:3.12.0.14-1.el8sat0:3.12.0.14-1.el9sat0:3.14.0.14-1.el9sat0:3.16.0.12-1.el9sat0:3.27.10-2.el9pc0:4.2.28-0.1.el9pc0:4.16.0.14-1.el9sat0:6.17.7-1.el9sat
Affected packages
  • Red Hat / Red Hat Satellite 6.16 for RHEL 8
    Fixed in 0:3.12.0.14-1.el8sat
  • Red Hat / Red Hat Satellite 6.16 for RHEL 9
    Fixed in 0:3.12.0.14-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:3.14.0.14-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.1.23-0.3.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:1.2.0-0.1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:4.2.28-0.1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:2.22.3-1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:3.27.10-2.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:1.5.1-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.4.3-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:4.16.0.14-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.13.0-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:6.17.7-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.0.3-4.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:3.14.0.14-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.1.23-0.3.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:1.2.0-0.1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:4.2.28-0.1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:2.22.3-1.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:3.27.10-2.el9pc
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:1.5.1-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.4.3-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:4.16.0.14-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.13.0-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:6.17.7-1.el9sat
  • Red Hat / Red Hat Satellite 6.17 for RHEL 9
    Fixed in 0:0.0.3-4.el9sat
  • Red Hat / Red Hat Satellite 6.18 for RHEL 9
    Fixed in 0:3.16.0.12-1.el9sat
  • Red Hat / Red Hat Satellite 6
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References