CVE-2026-1961 - Vulnerability Details

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Redhat Subscribe	Satellite Subscribe Satellite Capsule Subscribe Satellite Maintenance Subscribe Satellite Utils Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:5970
https://access.redhat.com/errata/RHSA-2026:5971
https://access.redhat.com/security/cve/CVE-2026-1961
https://bugzilla.redhat.com/show_bug.cgi?id=2437036

History

Thu, 26 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Capsule Redhat satellite Maintenance Redhat satellite Utils
CPEs		cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_capsule:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_utils:6.17::el9
Vendors & Products		Redhat satellite Capsule Redhat satellite Maintenance Redhat satellite Utils
References		https://access.redhat.com/errata/RHSA-2026:5970 https://access.redhat.com/errata/RHSA-2026:5971

Thu, 26 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
Title		Forman: foreman: remote code execution via command injection in websocket proxy
First Time appeared		Redhat Redhat satellite
CPEs		cpe:/a:redhat:satellite:6
Vendors & Products		Redhat Redhat satellite
References		https://access.redhat.com/security/cve/CVE-2026-1961 https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-03-26T12:53:09.566Z

Updated: 2026-03-26T23:00:16.222Z

Reserved: 2026-02-05T10:43:18.671Z

Link: CVE-2026-1961

Vulnrichment

Updated: 2026-03-26T13:11:38.229Z

NVD

Status : Awaiting Analysis

Published: 2026-03-26T13:16:27.650

Modified: 2026-03-26T21:17:02.533

Link: CVE-2026-1961

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object