Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default SSL verification
Summary
| CVE | CVE-2026-1531 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-02-02 06:16:20 UTC |
| Updated | 2026-06-30 03:17:18 UTC |
| Description | A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information. |
Risk And Classification
Primary CVSS: v3.1 8.1 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.002740000 probability, percentile 0.191930000 (date 2026-07-01)
Problem Types: CWE-295 Improper Certificate Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | [email protected] | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | CNA | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Red Hat | Red Hat Satellite 6.16 For RHEL 8 | unaffected 0:0.2.0-2.el8sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.16 For RHEL 9 | unaffected 0:0.2.0-2.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:3.14.0.14-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:0.1.23-0.3.el9pc * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:1.2.0-0.1.el9pc * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:4.2.28-0.1.el9pc * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:2.22.3-1.el9pc * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:3.27.10-2.el9pc * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:1.5.1-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:0.4.3-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:4.16.0.14-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:0.13.0-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:6.17.7-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | unaffected 0:0.0.3-4.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6.18 For RHEL 9 | unaffected 0:0.4.3-1.el9sat * rpm | Not specified |
| CNA | Red Hat | Red Hat Satellite 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6.16 For RHEL 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6.16 For RHEL 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6.17 For RHEL 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6.18 For RHEL 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2026:5970 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2026-1531 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1531.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:5968 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| access.redhat.com/errata/RHSA-2026:5971 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: This issue was discovered by Evgeni Golov (Red Hat).
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-01-28T12:50:13.269Z | Reported to Red Hat. |
| CNA | 2026-01-28T12:34:00.000Z | Made public. |
| ADP | 2026-01-28T12:50:13.269Z | Reported to Red Hat. |
| ADP | 2026-01-28T12:34:00.000Z | Made public. |
Solutions
ADP: RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9
ADP: RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9
ADP: RHSA-2026:5968: Red Hat Satellite 6.18 for RHEL 9
Workarounds
CNA: To mitigate this issue, ensure that a Certificate Authority (CA) certificate is explicitly configured when setting up the connection to OpenShift in foreman_kubevirt. This will enable SSL verification and prevent Man-in-the-Middle attacks. Refer to the foreman_kubevirt documentation for specific instructions on configuring CA certificates. A restart or service reload may be required for the changes to take effect.
ADP: To mitigate this issue, ensure that a Certificate Authority (CA) certificate is explicitly configured when setting up the connection to OpenShift in foreman_kubevirt. This will enable SSL verification and prevent Man-in-the-Middle attacks. Refer to the foreman_kubevirt documentation for specific instructions on configuring CA certificates. A restart or service reload may be required for the changes to take effect.
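The insecure default this advisory describes, shown beside a fail-safe replacement and a small audit check, as an added Ruby example written for this page and not foreman_kubevirt's own code; the option names, the self-signed CA and the trust-store handling are constructed assumptions.

```ruby
require 'openssl'

# Pattern the advisory describes (paraphrased, not foreman_kubevirt's code):
# an absent CA certificate silently turns peer verification off.
def insecure_ssl_options(ca_cert_pem)
  return { ssl_verify: false } if ca_cert_pem.nil? || ca_cert_pem.strip.empty?
  { ssl_verify: true, ssl_ca_cert: ca_cert_pem }
end

# Fail-safe replacement: verification and hostname checking are always on.
# A configured CA is pinned in a dedicated store; an absent CA falls back to
# the system trust store instead of to no verification at all.
def hardened_ssl_context(ca_cert_pem)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  store = OpenSSL::X509::Store.new
  if ca_cert_pem.nil? || ca_cert_pem.strip.empty?
    store.set_default_paths
  else
    store.add_cert(OpenSSL::X509::Certificate.new(ca_cert_pem))
  end
  ctx.cert_store = store
  ctx
end

# Audit helper for a saved connection-option hash: flags the unsafe state so it
# can be alerted on or rejected before any connection to OpenShift is opened.
def tls_verification_disabled?(opts)
  opts[:ssl_verify] == false
end

# Constructed self-signed CA so the example runs offline; not a real trust anchor.
def constructed_ca_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-test-ca')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end
```

Running `tls_verification_disabled?` over stored compute-resource settings is the detection side of the workaround: any entry that resolves to `ssl_verify: false` is one the advisory's mitigation has not yet been applied to.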