CVE-2026-1961

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:5968
https://access.redhat.com/errata/RHSA-2026:5970
https://access.redhat.com/errata/RHSA-2026:5971
https://access.redhat.com/security/cve/CVE-2026-1961
https://bugzilla.redhat.com/show_bug.cgi?id=2437036
http://www.openwall.com/lists/oss-security/2026/03/27/3

Configurations

No configuration.

History

08 Apr 2026, 12:16

Type	Values Removed	Values Added
CWE		CWE-78

27 Mar 2026, 17:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2026/03/27/3 -
Summary		(es) Se encontró un fallo en Foreman. Un atacante remoto podría explotar una vulnerabilidad de inyección de comandos en la implementación del proxy WebSocket de Foreman. Esta vulnerabilidad surge del uso por parte del sistema de valores de nombre de host no saneados de proveedores de recursos de cómputo al construir comandos de shell. Al operar un servidor de recursos de cómputo malicioso, un atacante podría lograr la ejecución remota de código en el servidor de Foreman cuando un usuario accede a la funcionalidad de la consola VNC de una VM. Esto podría llevar al compromiso de credenciales sensibles y de toda la infraestructura gestionada.

27 Mar 2026, 00:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5968 -

26 Mar 2026, 21:17

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5970 - () https://access.redhat.com/errata/RHSA-2026:5971 -

26 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 13:16

Updated : 2026-04-08 12:16

NVD link : CVE-2026-1961

Mitre link : CVE-2026-1961

CVE.ORG link : CVE-2026-1961

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.0 /10