CVE-2026-0980 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0980 PUBLISHED CVSS 8.300000190734863 HIGH

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

EPSS 0.07% · 21.7th percentile

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.07%

21.7th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc
Red Hat	Red Hat Satellite 6
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc
Red Hat	Red Hat Satellite 6.18 for RHEL 9	0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat
logicminds	rubyipmi	0, 0
RubyGems	rubyipmi	0, 0
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:6.17.7-1.el9sat, 0:6.17.7-1.el9sat, 0:6.17.7-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc
Red Hat	Red Hat Satellite 6.16 for RHEL 8	0:0.13.0-0.1.el8sat, 0:0.13.0-0.1.el8sat, 0:0.13.0-0.1.el8sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat
redhat	satellite	6.0, 6.0
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc
Red Hat	Red Hat Satellite 6.16 for RHEL 9	0:0.13.0-0.1.el9sat, 0:0.13.0-0.1.el9sat, 0:0.13.0-0.1.el9sat

Timeline

Feb 27, 2026 CVE Published
Feb 27, 2026 EPSS Score
Feb 27, 2026 PoC Published
Feb 27, 2026 PoC Published
Feb 27, 2026 PoC Published
Feb 28, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 5, 2026 EPSS Score
Mar 5, 2026 PoC Published

References

RHSA-2026:5968 vendor-advisory
RHSA-2026:5970 vendor-advisory
RHSA-2026:5971 vendor-advisory
https://access.redhat.com/security/cve/CVE-2026-0980 vdb
RHBZ#2429874 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-0980 advisory
https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215 url
https://github.com/logicminds/rubyipmi package
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml url

Open in Interactive Console →