Vulnerability details: VCID-zqkc-zwfa-1qfx

Vulnerability ID: VCID-zqkc-zwfa-1qfx
Aliases: CVE-2026-4324, GHSA-fwj4-6wgp-mpxm

Summary: Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

Status: Published
Exploitability: 0.5
Weighted Severity: 6.2
Risk: 3.1
System           Score     Found at
cvssv3.1         5.4       https://access.redhat.com/errata/RHSA-2026:5968
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2026:5968
ssvc             Track     https://access.redhat.com/errata/RHSA-2026:5968
cvssv3.1         5.4       https://access.redhat.com/errata/RHSA-2026:5970
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2026:5970
ssvc             Track     https://access.redhat.com/errata/RHSA-2026:5970
cvssv3           5.4       https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json
cvssv3           5.4       https://access.redhat.com/security/cve/CVE-2026-4324
cvssv3.1         5.4       https://access.redhat.com/security/cve/CVE-2026-4324
generic_textual  MODERATE  https://access.redhat.com/security/cve/CVE-2026-4324
ssvc             Track     https://access.redhat.com/security/cve/CVE-2026-4324
epss             0.0008    https://api.first.org/data/v1/epss?cve=CVE-2026-4324
cvssv3.1         5.4       https://bugzilla.redhat.com/show_bug.cgi?id=2448349
generic_textual  MODERATE  https://bugzilla.redhat.com/show_bug.cgi?id=2448349
ssvc             Track     https://bugzilla.redhat.com/show_bug.cgi?id=2448349
cvssv3.1_qr      MODERATE  https://github.com/advisories/GHSA-fwj4-6wgp-mpxm
cvssv3.1         5.4       https://github.com/Katello/katello
generic_textual  MODERATE  https://github.com/Katello/katello
cvssv3.1         5.4       https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
generic_textual  MODERATE  https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
cvssv3.1         5.4       https://nvd.nist.gov/vuln/detail/CVE-2026-4324
generic_textual  MODERATE  https://nvd.nist.gov/vuln/detail/CVE-2026-4324
Reference id                                     Reference type  URL
-                                                -               https://access.redhat.com/errata/RHSA-2026:5968
-                                                -               https://access.redhat.com/errata/RHSA-2026:5970
-                                                -               https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json
-                                                -               https://access.redhat.com/security/cve/CVE-2026-4324
-                                                -               https://api.first.org/data/v1/epss?cve=CVE-2026-4324
-                                                -               https://bugzilla.redhat.com/show_bug.cgi?id=2448349
-                                                -               https://github.com/Katello/katello
-                                                -               https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
-                                                -               https://nvd.nist.gov/vuln/detail/CVE-2026-4324
cpe:/a:redhat:satellite:6                        -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
cpe:/a:redhat:satellite:6.17::el9                -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
cpe:/a:redhat:satellite:6.18::el9                -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
cpe:/a:redhat:satellite_capsule:6.17::el9        -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
cpe:/a:redhat:satellite_capsule:6.18::el9        -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
cpe:/a:redhat:satellite_maintenance:6.17::el9    -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
cpe:/a:redhat:satellite_utils:6.17::el9          -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
cpe:/a:redhat:satellite_utils:6.18::el9          -               https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
GHSA-fwj4-6wgp-mpxm                              -               https://github.com/advisories/GHSA-fwj4-6wgp-mpxm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2026:5968
  Attack Vector (AV): network
  Attack Complexity (AC): low
  Privileges Required (PR): low
  User Interaction (UI): none
  Scope (S): unchanged
  Confidentiality Impact (C): low
  Integrity Impact (I): none
  Availability Impact (A): low

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/ Found at https://access.redhat.com/errata/RHSA-2026:5968
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2026:5970
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/ Found at https://access.redhat.com/errata/RHSA-2026:5970
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/security/cve/CVE-2026-4324
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/ Found at https://access.redhat.com/security/cve/CVE-2026-4324
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2448349
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2448349
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/Katello/katello
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2026-4324
Exploit Prediction Scoring System (EPSS)
Percentile: 0.23833
EPSS Score: 0.0008
Published At: April 2, 2026, 12:55 p.m.

Date: 2026-04-01T12:53:49.700314+00:00
Actor: GithubOSV Importer
Action: Import
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-fwj4-6wgp-mpxm/GHSA-fwj4-6wgp-mpxm.json
VulnerableCode Version: 38.0.0