A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands.
By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
References 6
https://access.redhat.com/security/cve/CVE-2026-1961
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2437036
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5968
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5970
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5971
secalert@redhat.com
http://www.openwall.com/lists/oss-security/2026/03/27/3
af854a3a-2127-422b-91ae-364da2661108