PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5138 Red Hat CVE debrief

A flaw was found in Foreman, an authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. The vulnerability allows users to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access. Users of Red Hat Satellite and Foreman should be aware of this vulnerability and take steps to mitigate it. This includes applying the provided patches and ensuring that users with host-edit permissions are properly authorized. The CVE-2026-5138 vulnerability is a cross-tenant information disclosure issue in Foreman. It allows authenticated users with host-edit permissions to leak sensitive infrastructure metadata. The flaw is caused by the taxonomy_scope controller method not properly validating organization and location IDs from nested request parameters, which bypasses existing authorization checks.

Vendor
Red Hat
Product
Red Hat Satellite 6.16 for RHEL 8
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

Users of Red Hat Satellite and Foreman should be aware of this vulnerability and take steps to mitigate it. This includes applying the provided patches and ensuring that users with host-edit permissions are properly authorized.

Technical summary

The CVE-2026-5138 vulnerability is a cross-tenant information disclosure issue in Foreman. It allows authenticated users with host-edit permissions to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access. The flaw is caused by the taxonomy_scope controller method not properly validating organization and location IDs from nested request parameters, which bypasses existing authorization checks.

Defensive priority

Medium priority should be given to patching this vulnerability, as it allows for information disclosure and could potentially be used by attackers to gain unauthorized access to sensitive information.

Recommended defensive actions

  • Apply patches provided by Red Hat to address the vulnerability
  • Ensure that users with host-edit permissions are properly authorized and monitored
  • Monitor for any suspicious activity that could indicate exploitation of this vulnerability
  • Consider implementing additional security measures, such as network segmentation and access controls, to limit the potential impact of this vulnerability
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE-2026-5138 vulnerability was reported by an unknown source and is described in the NVD database. The vulnerability affects Red Hat Satellite and Foreman, and patches are available to address the issue.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T15:17:11.860Z and has not been modified since then.