CVE-2026-1530

HIGH

Rubygems Fog-kubevirt < 1.5.1 - Improper Certificate Validation

Title source: rule

Description

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

References (4)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:5970

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:5971

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2026-1530

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2433784

Scores

CVSS v3 8.1

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (16)

Red Hat/Red Hat Satellite 6

Red Hat/Red Hat Satellite 6.16 for RHEL 8 0:1.5.1-1.el8sat

Red Hat/Red Hat Satellite 6.16 for RHEL 9 0:1.5.1-1.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:0.0.3-4.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:0.1.23-0.3.el9pc

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:0.13.0-1.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:0.4.3-1.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:1.2.0-0.1.el9pc

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:1.5.1-1.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:2.22.3-1.el9pc

... and 6 more

Published Feb 02, 2026

Tracked Since Feb 18, 2026