CVE-2026-28296

MEDIUM

GVfs FTP Backend - Command Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28296. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2025-10622, an OS command injection vulnerability in Foreman. The PoC demonstrates how an authenticated administrator can bypass client-side validation to execute arbitrary commands via the `ct_location` or `fcct_location` settings.

Description

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.

Exploits (1)

GitHub · Working PoC
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28296

Classification
Working PoC (100%)
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Foreman (3.12.0 through 3.16.0)
Auth required
Prerequisites: Authenticated access to Foreman with `edit_settings` permission · REST API or GraphQL access
Analyzed by devstral-2 on Feb 27, 2026

References (2)

Core References
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-28296
Vendor Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2443003

Scores

CVSS v3 4.3
EPSS 0.0009
EPSS Percentile 26.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-93
Status published
Products (5)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Published Feb 26, 2026
Tracked Since Feb 26, 2026