
Red Hat CVE-2026-1961 | EUVD-2026-16167 | HIGH
OS Command Injection (CWE-78)
Published 2026-03-26 · Source: redhat · GHSA-fh2w-2c26-vpg5
CVSS 3.1 (NVD): 8.0

Severity by source

NVD (primary): 8.0 HIGH, AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Red Hat: 8.0 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch released (patch available) - Apr 09, 2026 14:30 (nvd)
EUVD ID assigned: EUVD-2026-16167 - Mar 26, 2026 13:15 (euvd)
Analysis generated - Mar 26, 2026 13:15 (vuln.today)
CVE published - Mar 26, 2026 12:53 (nvd)

Description (CVE.org)

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
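The defect class the description names, illustrated here as an added example that is not Foreman's or Red Hat's code: a provider-supplied hostname interpolated into a single shell string (the vulnerable shape), next to a hardened variant that validates the hostname against RFC 1123 label syntax and launches the proxy as an argv array so no shell ever parses the value. The `console-proxy` binary name, the function names and the sample hostnames are assumptions for illustration.

```ruby
# Added example (not Foreman's code). Shows why a hostname that a compute
# resource provider returns must be validated and must never be handed to
# a shell as part of a command string.

# One RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen;
# at most 63 characters.
HOSTNAME_LABEL = /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/

# Accept only syntactically valid host names (<= 253 chars, dot-separated labels).
# Anything else, including shell metacharacters and whitespace, is rejected.
def valid_hostname?(host)
  return false unless host.is_a?(String)
  return false if host.empty? || host.length > 253
  host.split('.', -1).all? { |label| HOSTNAME_LABEL.match?(label) }
end

# Vulnerable shape (the pattern the advisory describes): the provider-supplied
# host is interpolated into one string that is later run through /bin/sh, so
# metacharacters in the value are interpreted as shell syntax.
def vulnerable_command(host, port)
  "console-proxy --target #{host}:#{port}"   # hypothetical binary name
end

class UntrustedHostname < StandardError; end

# Hardened shape: validate first, then build an argv array. Each element is
# passed to the program as one argument; no shell parsing happens at all.
def hardened_command(host, port)
  unless valid_hostname?(host)
    raise UntrustedHostname, "rejected provider hostname: #{host.inspect}"
  end
  unless port.is_a?(Integer) && port.between?(1, 65_535)
    raise ArgumentError, "rejected port: #{port.inspect}"
  end
  ['console-proxy', '--target', "#{host}:#{port}"]
end

# Launching with an array (program, arg, arg, ...) makes Process.spawn exec
# the binary directly; it never invokes /bin/sh.
def launch(argv)
  Process.spawn(*argv)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one well-formed host, one containing a space
  # and a semicolon as a provider under attacker control could return.
  ['vm01.example.com', 'bad host;name'].each do |h|
    begin
      puts "argv: #{hardened_command(h, 5900).inspect}"
    rescue UntrustedHostname => e
      puts "blocked: #{e.message}"
    end
  end
end
```

The validation is deliberately an allow-list on syntax rather than a deny-list of metacharacters; a deny-list tends to miss the next character a shell treats specially. Even with validation in place, the argv form is the control that actually removes the injection, because the value is no longer text a shell interprets.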

Analysis (AI)

Remote code execution is achievable in Red Hat Foreman and Satellite 6 via command injection in the WebSocket proxy implementation when users access VM VNC console functionality. An attacker controlling a malicious compute resource server can inject unsanitized hostname values into shell commands, compromising the Foreman server and potentially the entire managed infrastructure. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata:

Access: Set up malicious compute resource server
Delivery: Attacker logs into Foreman with valid account
Exploit: User accesses VM VNC console
Execution: Unsanitized hostname injected into shell command
Impact: Remote code execution on Foreman server

Vulnerability Assessment (AI)

Exploitation: Requires an authenticated Foreman user with permission to access the VM VNC console. …
Risk Assessment: The CVSS score of 8.0 (High severity) reflects the vulnerability's substantial impact, with CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H indicating network-accessible exploitation of low complexity that requires low-privileged authentication and user interaction. …
Exploit Scenario: An attacker establishes a malicious compute resource server (e.g., a rogue OpenStack or VMware endpoint) and configures it to return specially crafted hostname values containing shell metacharacters and command injection payloads. The attacker then socially engineers a Foreman administrator, or relies on a legitimate workflow, to add this malicious compute resource to the Foreman instance or to open the VNC console for a VM on that infrastructure. …
Remediation: Apply the security patches provided by Red Hat for Satellite 6 as documented in the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-1961. …

Recommended Action (AI)

Within 24 hours: inventory all Red Hat Foreman and Satellite 6 instances, document versions, and identify which systems have external or untrusted compute resource server connections. …



CVE-2026-1961 vulnerability details – vuln.today
