CVE-2026-1531
HIGH
GHSA-2qxw-7fmx-gqfm
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Description
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.
Analysis
Foreman KubeVirt disables SSL/TLS certificate verification by default when a CA certificate is not explicitly configured, enabling network-positioned attackers to intercept and manipulate communications between Satellite and OpenShift clusters. This man-in-the-middle vulnerability affects authenticated users and could result in unauthorized access to or modification of sensitive deployment data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Foreman KubeVirt instances and identify those with OpenShift connections lacking explicit CA certificate configuration. Within 7 days: Implement mandatory CA certificate deployment across all OpenShift connections and enable SSL/TLS verification enforcement through configuration hardening. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today