VDB
CVE-2026-1530
CVE-2026-1530
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
EPSS 0.01% · 1.6th percentile
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.01%
1.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | 0:1.5.1-1.el8sat, *, 0:1.5.1-1.el8sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc, * |
| Red Hat | Red Hat Satellite 6 | |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat |
| RubyGems | fog-kubevirt | 0, 0, 0 |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:6.17.7-1.el9sat, 0:6.17.7-1.el9sat, 0:6.17.7-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc |
Timeline
- Feb 2, 2026 CVE Published
- Feb 2, 2026 EPSS Score
- Feb 2, 2026 PoC Published
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
References
- RHSA-2026:5970 vendor-advisory
- RHSA-2026:5971 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2026-1530 vdb
- RHBZ#2433784 issue
- https://nvd.nist.gov/vuln/detail/CVE-2026-1530 advisory
- https://github.com/fog/fog-kubevirt/pull/168 url
- https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450 url
- https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753 url
- https://github.com/fog/fog-kubevirt package
- https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11 url
- https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1 url
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml url