CVE-2026-0980 — Vulnetix

CVE-2026-0980 PUBLISHED CVSS 8.300000190734863 HIGH

rubyipmi is vulnerable to OS Command Injection through malicious usernames

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS 3.1

8.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.10%

27.6th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc
Red Hat	Red Hat Satellite 6
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc
Red Hat	Red Hat Satellite 6.18 for RHEL 9	0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat
logicminds	rubyipmi	0, 0, 0
RubyGems	rubyipmi	0, 0, 0
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:6.17.7-1.el9sat, *, 0:6.17.7-1.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat
Red Hat	Red Hat Satellite 6.17 for RHEL 9	, 0:1.2.0-0.1.el9pc,
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc, *
Red Hat	Red Hat Satellite 6.16 for RHEL 8	0:0.13.0-0.1.el8sat, 0:0.13.0-0.1.el8sat, *
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat, *
redhat	satellite	6.0, 6.0, 6.0
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc
Red Hat	Red Hat Satellite 6.16 for RHEL 9	0:0.13.0-0.1.el9sat, 0:0.13.0-0.1.el9sat, 0:0.13.0-0.1.el9sat

Exploit Intelligence

CIRCL seen: CVE-2026-0980 (circl-sighting)
CIRCL seen: CVE-2026-0980 (circl-sighting)
CIRCL seen: CVE-2026-0980 (circl-sighting)
CIRCL seen: CVE-2026-0980 (circl-sighting)
RHSA-2026:5968 (circl)
RHSA-2026:5970 (circl)
RHSA-2026:5971 (circl)
https://access.redhat.com/security/cve/CVE-2026-0980 (circl)
RHBZ#2429874 (circl)

Timeline

Feb 27, 2026 CVE Published
Feb 27, 2026 EPSS Score
Feb 27, 2026 PoC Published
Feb 27, 2026 PoC Published
Feb 27, 2026 PoC Published
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 5, 2026 EPSS Score
Mar 5, 2026 PoC Published
Mar 6, 2026 EPSS Score
Mar 8, 2026 EPSS Score

References

RHSA-2026:5968 vendor-advisory
RHSA-2026:5970 vendor-advisory
RHSA-2026:5971 vendor-advisory
https://access.redhat.com/security/cve/CVE-2026-0980 vdb
RHBZ#2429874 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-0980 advisory
https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215 url
https://github.com/logicminds/rubyipmi package
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›