Skip to main content

Red Hat CVE-2026-4324

| EUVDEUVD-2026-12572 MEDIUM
SQL Injection (CWE-89)
2026-03-17 redhat GHSA-fwj4-6wgp-mpxm
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Red Hat
5.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12572
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 13:52 nvd
MEDIUM 5.4

DescriptionCVE.org

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

AnalysisAI

SQL injection in the Katello plugin for Red Hat Satellite 6 allows authenticated remote attackers to execute arbitrary SQL commands via the sort_by parameter in the /api/hosts/bootc_images endpoint. An attacker can exploit this flaw to trigger database errors causing denial of service or conduct blind SQL injection attacks to extract sensitive information from the database. No patch is currently available for this vulnerability.

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

Vendor StatusVendor

Share

CVE-2026-4324 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy