CVE-2026-1530
HIGH
GHSA-m3hq-3qj8-c5fm
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Description
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Analysis
Improper certificate validation in fog-kubevirt enables remote attackers with network access to conduct man-in-the-middle attacks against communications between Satellite and OpenShift clusters, potentially exposing sensitive data and modifying traffic in transit. An authenticated attacker can exploit this vulnerability to intercept and tamper with cluster management communications due to disabled SSL/TLS certificate verification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running fog-kubevirt and assess exposure in your environment; document affected applications and business criticality. Within 7 days: Implement network segmentation to restrict fog-kubevirt communications to trusted networks only and enable enhanced monitoring for suspicious TLS/SSL activities. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today