CVE-2026-5142
Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
01 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Red Hat · Red Hat Satellite 6Red Hat · Red Hat Satellite 6.16 for RHEL 8Red Hat · Red Hat Satellite 6.16 for RHEL 9Red Hat · Red Hat Satellite 6.17 for RHEL 9Red Hat · Red Hat Satellite 6.18 for RHEL 9Red Hat · Red Hat Satellite 6.19 for RHEL 9Referências
https://access.redhat.com/errata/RHSA-2026:34365https://access.redhat.com/errata/RHSA-2026:34366https://access.redhat.com/errata/RHSA-2026:34367https://access.redhat.com/errata/RHSA-2026:34368https://access.redhat.com/security/cve/CVE-2026-5142https://bugzilla.redhat.com/show_bug.cgi?id=2452999