Vulnerability details: VCID-dhq1-5etu-kqb5
Vulnerability ID VCID-dhq1-5etu-kqb5
Aliases CVE-2026-1961
Summary forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
Status Published
Exploitability 0.5
Weighted Severity 7.2
Risk 3.6
System Score Found at
cvssv3.1 8 https://access.redhat.com/errata/RHSA-2026:5968
ssvc Track* https://access.redhat.com/errata/RHSA-2026:5968
cvssv3.1 8 https://access.redhat.com/errata/RHSA-2026:5970
ssvc Track* https://access.redhat.com/errata/RHSA-2026:5970
cvssv3.1 8 https://access.redhat.com/errata/RHSA-2026:5971
ssvc Track* https://access.redhat.com/errata/RHSA-2026:5971
cvssv3 8.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json
cvssv3.1 8 https://access.redhat.com/security/cve/CVE-2026-1961
ssvc Track* https://access.redhat.com/security/cve/CVE-2026-1961
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2026-1961
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2026-1961
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2026-1961
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2026-1961
cvssv3.1 8 https://bugzilla.redhat.com/show_bug.cgi?id=2437036
ssvc Track* https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json
https://api.first.org/data/v1/epss?cve=CVE-2026-1961
2437036 https://bugzilla.redhat.com/show_bug.cgi?id=2437036
cpe:/a:redhat:satellite:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
cpe:/a:redhat:satellite:6.16::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite:6.17::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
cpe:/a:redhat:satellite:6.18::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
cpe:/a:redhat:satellite_capsule:6.16::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
cpe:/a:redhat:satellite_capsule:6.17::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
cpe:/a:redhat:satellite_capsule:6.18::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
cpe:/a:redhat:satellite_maintenance:6.16::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite_maintenance:6.17::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
cpe:/a:redhat:satellite_utils:6.16::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
cpe:/a:redhat:satellite_utils:6.16::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
cpe:/a:redhat:satellite_utils:6.17::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
cpe:/a:redhat:satellite_utils:6.18::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
CVE-2026-1961 https://access.redhat.com/security/cve/CVE-2026-1961
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2026:5968
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/ Found at https://access.redhat.com/errata/RHSA-2026:5968
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2026:5970
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/ Found at https://access.redhat.com/errata/RHSA-2026:5970
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2026:5971
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/ Found at https://access.redhat.com/errata/RHSA-2026:5971
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2026-1961
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/ Found at https://access.redhat.com/security/cve/CVE-2026-1961
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2437036
Exploit Prediction Scoring System (EPSS)
Percentile 0.10787
EPSS Score 0.00036
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:30:14.797875+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json 38.0.0