CVE-2026-5138
MEDIUMForeman: foreman: information disclosure via improper validation of nested request parameters
Title source: cnaDescription
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:34365
https://access.redhat.com/errata/RHSA-2026:34365
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:34366
https://access.redhat.com/errata/RHSA-2026:34366
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:34367
https://access.redhat.com/errata/RHSA-2026:34367
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:34368
https://access.redhat.com/errata/RHSA-2026:34368
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-5138
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2452971
https://bugzilla.redhat.com/show_bug.cgi?id=2452971
Scores
CVSS v3
4.3
EPSS
0.0023
EPSS Percentile
13.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (8)
Red Hat/Red Hat Satellite 6
Red Hat/Red Hat Satellite 6.16 for RHEL 8
0:3.12.0.17-1.el8sat
Red Hat/Red Hat Satellite 6.16 for RHEL 9
0:3.12.0.17-1.el9sat
Red Hat/Red Hat Satellite 6.17 for RHEL 9
0:3.14.0.17-1.el9sat
Red Hat/Red Hat Satellite 6.18 for RHEL 9
0:3.16.0.17-1.el9sat
Red Hat/Red Hat Satellite 6.19 for RHEL 9
0:3.18.0.7-1.el9sat
redhat/satellite
6.16 - 6.16.10
theforeman/foreman
< 3.18.2
Published
Jul 01, 2026
Tracked Since
Jul 01, 2026