CVE-2026-1961
HIGH
Foreman: foreman: remote code execution via command injection in websocket proxy
Title source: cnaDescription
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. The flaw arises because Foreman uses unsanitized hostname values supplied by compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
References (6)
Vendor Advisory (x_refsource_redhat): RHSA-2026:5968, https://access.redhat.com/errata/RHSA-2026:5968
Vendor Advisory (x_refsource_redhat): RHSA-2026:5970, https://access.redhat.com/errata/RHSA-2026:5970
Vendor Advisory (x_refsource_redhat): RHSA-2026:5971, https://access.redhat.com/errata/RHSA-2026:5971
VDB Entry (x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2026-1961
Issue Tracking (x_refsource_redhat): RHBZ#2437036, https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Scores
CVSS v3: 8.0
EPSS: 0.0004
EPSS Percentile: 14.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (16)
Red Hat/Red Hat Satellite 6
Red Hat/Red Hat Satellite 6.16 for RHEL 8: 0:3.12.0.14-1.el8sat
Red Hat/Red Hat Satellite 6.16 for RHEL 9: 0:3.12.0.14-1.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:0.0.3-4.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:0.1.23-0.3.el9pc
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:0.13.0-1.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:0.4.3-1.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:1.2.0-0.1.el9pc
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:1.5.1-1.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9: 0:2.22.3-1.el9pc
... and 6 more
Published: Mar 26, 2026
Tracked Since: Mar 26, 2026