Red Hat CVE-2026-0980
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
AnalysisAI
Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Affects Satellite. A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-78 – OS Command Injection
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-hfcp-477w-3wjw