Privilege escalation in Red Hat Satellite 6
CVE-2026-5136
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary rol…
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Red Hat Satellite 6
- Red Hat Satellite 6.16 for RHEL 8 (versions 0:3.12.0.17-1.el8sat)
- Red Hat Satellite 6.16 for RHEL 9 (versions 0:3.12.0.17-1.el9sat)
- Red Hat Satellite 6.17 for RHEL 9 (versions 0:3.14.0.17-1.el9sat)
- Red Hat Satellite 6.18 for RHEL 9 (versions 0:3.16.0.17-1.el9sat)
- Red Hat Satellite 6.19 for RHEL 9 (versions 0:3.18.0.7-1.el9sat)
Weakness classification (CWE)
- Incorrect Privilege Assignment
Frequently asked questions
- What is CVE-2026-5136?
- CVE-2026-5136 is a high-severity vulnerability in Red Hat Satellite 6, classified under Incorrect Privilege Assignment. CVSS score: 8.8/10. Published 2026-07-01.
- How severe is CVE-2026-5136?
- High severity. CVSS v3 base score is 8.8 out of 10.