No vendor fix or workaround currently provided.
No advisories yet.
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries. | |
| Title | Foreman: foreman: unauthorized modification of host configurations via broken access control | |
| First Time appeared | Redhat, Redhat satellite | |
| Weaknesses | CWE-639 | |
| CPEs | cpe:/a:redhat:satellite:6 | |
| Vendors & Products | Redhat, Redhat satellite | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-01T14:54:21.883Z
Reserved: 2026-03-30T10:42:55.307Z
Link: CVE-2026-5135
Updated: 2026-07-01T14:52:31.307Z
OpenCVE Enrichment
Updated: 2026-07-01T16:45:04Z