CVE-2026-5138 MEDIUM

CVE-2026-5138: Foreman: foreman: information disclosure via improper validation of nested request parameters

Vendor Red Hat
Product Red Hat Satellite 6
Weakness CWE-639 · IDOR
Published July 1, 2026
Last update July 1, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
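To show the class of bug the description names, here is an added, simplified model (not Foreman's code; `User`, `Subnet`, `SUBNETS` and the two `taxonomy_scope_*` functions are hypothetical stand-ins) of a scope built from nested `host[...]` parameters, first honoring whatever IDs the request carries, then restricted to the taxonomies the user is already authorized for:

```ruby
# Added illustration, not Foreman's code: a minimal model of how a scope
# derived from nested request parameters can bypass per-user organization /
# location checks, beside a version that intersects the requested IDs with
# the user's authorized ones. All names here are hypothetical stand-ins.

User   = Struct.new(:name, :organization_ids, :location_ids)
Subnet = Struct.new(:name, :organization_id, :location_id, :network, :gateway)

# Constructed sample inventory spanning two tenants (org 1/loc 10, org 2/loc 20).
SUBNETS = [
  Subnet.new("eng-lan", 1, 10, "10.1.0.0/24", "10.1.0.1"),
  Subnet.new("fin-lan", 2, 20, "10.2.0.0/24", "10.2.0.1"),
].freeze

# Extract organization_id / location_id from the nested "host" hash, as a
# host-edit form would submit them. Missing values stay nil.
def nested_taxonomy_ids(params)
  host = params.fetch("host", {})
  [host["organization_id"], host["location_id"]].map { |v| v && Integer(v) }
end

# VULNERABLE pattern: the scope is whatever the request claims it is, so a
# user with host-edit rights in org 1 can point the scope at org 2.
def taxonomy_scope_unchecked(_user, params)
  org_id, loc_id = nested_taxonomy_ids(params)
  SUBNETS.select { |s| s.organization_id == org_id && s.location_id == loc_id }
end

# HARDENED pattern: requested IDs are only honored if they are among the
# user's authorized taxonomies; anything else (including nil) scopes to nothing.
def taxonomy_scope_checked(user, params)
  org_id, loc_id = nested_taxonomy_ids(params)
  org_ids = [org_id] & user.organization_ids
  loc_ids = [loc_id] & user.location_ids
  SUBNETS.select do |s|
    org_ids.include?(s.organization_id) && loc_ids.include?(s.location_id)
  end
end
```

The unchecked variant returns the other tenant's subnet (network, gateway) for a request naming org 2, while the checked variant returns an empty scope for the same request and still returns the user's own subnet for org 1.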

Key dates

Disclosure timeline

July 1, 2026 CVE published
July 1, 2026 Record updated
