PatchSiren cyber security CVE debrief
CVE-2026-5138 Red Hat CVE debrief
A flaw was found in Foreman, an authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. The vulnerability allows users to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access. Users of Red Hat Satellite and Foreman should be aware of this vulnerability and take steps to mitigate it. This includes applying the provided patches and ensuring that users with host-edit permissions are properly authorized. The CVE-2026-5138 vulnerability is a cross-tenant information disclosure issue in Foreman. It allows authenticated users with host-edit permissions to leak sensitive infrastructure metadata. The flaw is caused by the taxonomy_scope controller method not properly validating organization and location IDs from nested request parameters, which bypasses existing authorization checks.
- Vendor
- Red Hat
- Product
- Red Hat Satellite 6.16 for RHEL 8
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
Users of Red Hat Satellite and Foreman should be aware of this vulnerability and take steps to mitigate it. This includes applying the provided patches and ensuring that users with host-edit permissions are properly authorized.
Technical summary
The CVE-2026-5138 vulnerability is a cross-tenant information disclosure issue in Foreman. It allows authenticated users with host-edit permissions to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access. The flaw is caused by the taxonomy_scope controller method not properly validating organization and location IDs from nested request parameters, which bypasses existing authorization checks.
Defensive priority
Medium priority should be given to patching this vulnerability, as it allows for information disclosure and could potentially be used by attackers to gain unauthorized access to sensitive information.
Recommended defensive actions
- Apply patches provided by Red Hat to address the vulnerability
- Ensure that users with host-edit permissions are properly authorized and monitored
- Monitor for any suspicious activity that could indicate exploitation of this vulnerability
- Consider implementing additional security measures, such as network segmentation and access controls, to limit the potential impact of this vulnerability
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE-2026-5138 vulnerability was reported by an unknown source and is described in the NVD database. The vulnerability affects Red Hat Satellite and Foreman, and patches are available to address the issue.
Official resources
-
CVE-2026-5138 CVE record
CVE.org
-
CVE-2026-5138 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T15:17:11.860Z and has not been modified since then.