VDB

CVE-2026-4324

CVE-2026-4324 PUBLISHED CVSS 5.400000095367432 MEDIUM

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

EPSS 0.12% · 29.8th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
EPSS Score
0.12%
29.8th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Satellite 6.17 for RHEL 90:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc, 0:1.2.0-0.1.el9pc
RubyGemskatello0, 0, 0
Red HatRed Hat Satellite 6.17 for RHEL 90:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat, 0:4.16.0.14-1.el9sat
Red HatRed Hat Satellite 6.18 for RHEL 90:4.18.0.9-1.el9sat, 0:4.18.0.9-1.el9sat, *
Red HatRed Hat Satellite 6.17 for RHEL 90:6.17.7-1.el9sat, 0:6.17.7-1.el9sat, 0:6.17.7-1.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:3.27.10-2.el9pc, 0:3.27.10-2.el9pc, 0:3.27.10-2.el9pc
Red HatRed Hat Satellite 6.17 for RHEL 90:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc, 0:4.2.28-0.1.el9pc
Red HatRed Hat Satellite 6.17 for RHEL 90:0.0.3-4.el9sat, 0:0.0.3-4.el9sat, 0:0.0.3-4.el9sat
Red HatRed Hat Satellite 6.19 for RHEL 90:4.20.0.4-1.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:0.4.3-1.el9sat, 0:0.4.3-1.el9sat, 0:0.4.3-1.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc, 0:0.1.23-0.3.el9pc
Red HatRed Hat Satellite 6.17 for RHEL 90:0.13.0-1.el9sat, 0:0.13.0-1.el9sat, 0:0.13.0-1.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:2.22.3-1.el9pc, 0:2.22.3-1.el9pc, 0:2.22.3-1.el9pc
Red HatRed Hat Satellite 6
Red HatRed Hat Satellite 6.17 for RHEL 90:1.5.1-1.el9sat, 0:1.5.1-1.el9sat, 0:1.5.1-1.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:3.14.0.14-1.el9sat, *, 0:3.14.0.14-1.el9sat

Timeline

  • Mar 17, 2026 CVE Published
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 19, 2026 Security Advisory
  • Mar 20, 2026 EPSS Score
  • Mar 20, 2026 Coalition ESS Score
  • Mar 21, 2026 EPSS Score
  • Mar 21, 2026 Coalition ESS Score
  • Mar 22, 2026 EPSS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›