VDB
CVE-2026-1531
CVE-2026-1531
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.
EPSS 0.01% · 1.9th percentile
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.01%
1.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Satellite 6 | |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | *, *, 0:3.27.10-2.el9pc |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc, * |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:6.17.7-1.el9sat, *, * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | 0:0.2.0-2.el8sat, * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | *, 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | *, 0:2.22.3-1.el9pc, * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat, 0:3.14.0.14-1.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | 0:0.2.0-2.el9sat, 0:0.2.0-2.el9sat |
| RubyGems | foreman_kubevirt | 0, 0 |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc |
Timeline
- Feb 2, 2026 CVE Published
- Feb 2, 2026 EPSS Score
- Feb 2, 2026 PoC Published
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
References
- RHSA-2026:5968 vendor-advisory
- RHSA-2026:5970 vendor-advisory
- RHSA-2026:5971 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2026-1531 vdb
- RHBZ#2433786 issue
- https://nvd.nist.gov/vuln/detail/CVE-2026-1531 advisory
- https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1 url
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_kubevirt/CVE-2026-1531.yml url
- https://github.com/theforeman/foreman_kubevirt package