{"api_version":"1","generated_at":"2026-07-04T03:09:20+00:00","cve":"CVE-2026-1530","urls":{"html":"https://cve.report/CVE-2026-1530","api":"https://cve.report/api/cve/CVE-2026-1530.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-1530","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-1530"},"summary":{"title":"Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation","description":"A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-02-02 06:16:20","updated_at":"2026-06-30 03:17:17"},"problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:5970","name":"https://access.redhat.com/errata/RHSA-2026:5970","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:5971","name":"https://access.redhat.com/errata/RHSA-2026:5971","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1530.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1530.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-1530","name":"https://access.redhat.com/security/cve/CVE-2026-1530","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-1530","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1530","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","version":"unaffected 0:1.5.1-1.el8sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","version":"unaffected 0:1.5.1-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:3.14.0.14-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.1.23-0.3.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:1.2.0-0.1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:4.2.28-0.1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:2.22.3-1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:3.27.10-2.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:1.5.1-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.4.3-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:4.16.0.14-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.13.0-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:6.17.7-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.0.3-4.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:3.14.0.14-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.1.23-0.3.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:1.2.0-0.1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:4.2.28-0.1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:2.22.3-1.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:3.27.10-2.el9pc * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:1.5.1-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.4.3-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:4.16.0.14-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.13.0-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:6.17.7-1.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:0.0.3-4.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Satellite 6","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-28T12:39:43.076Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-01-28T12:40:37.424Z","lang":"en","value":"Made public."},{"source":"ADP","time":"2026-01-28T12:39:43.076Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-01-28T12:40:37.424Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"},{"source":"ADP","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"This issue was discovered by Evgeni Golov (Red Hat).","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"1530","cve":"CVE-2026-1530","epss":"0.002540000","percentile":"0.166730000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-1530","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-02-02T16:26:13.539148Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-02T16:28:31.327Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el8"],"defaultStatus":"affected","product":"Red Hat Satellite 6.16 for RHEL 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_maintenance:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.16 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6"],"defaultStatus":"affected","product":"Red Hat Satellite 6","vendor":"Red Hat"}],"datePublic":"2026-01-28T12:40:37.424Z","descriptions":[{"lang":"en","value":"A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:45:51.847Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-1530"},{"name":"RHBZ#2433784","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1530.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5971"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5970"}],"solutions":[{"lang":"en","value":"RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"},{"lang":"en","value":"RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9"}],"timeline":[{"lang":"en","time":"2026-01-28T12:39:43.076Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-28T12:40:37.424Z","value":"Made public."}],"title":"fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_maintenance:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"rubygem-fog-kubevirt","product":"Red Hat Satellite 6.16 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.1-1.el8sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_maintenance:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"rubygem-fog-kubevirt","product":"Red Hat Satellite 6.16 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.1-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"foreman","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.14.0.14-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"libcomps","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.1.23-0.3.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-brotli","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.2.0-0.1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-django","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.2.28-0.1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-pulp-container","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.22.3-1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-pulp-rpm","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.27.10-2.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-fog-kubevirt","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.1-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-foreman_kubevirt","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.4.3-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-katello","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.16.0.14-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-rubyipmi","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.13.0-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"satellite","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.17.7-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"yggdrasil-worker-forwarder","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.0.3-4.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"foreman","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.14.0.14-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"libcomps","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.1.23-0.3.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-brotli","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.2.0-0.1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-django","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.2.28-0.1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-pulp-container","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.22.3-1.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"python-pulp-rpm","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.27.10-2.el9pc","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-fog-kubevirt","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.1-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-foreman_kubevirt","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.4.3-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-katello","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.16.0.14-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"rubygem-rubyipmi","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.13.0-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"satellite","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.17.7-1.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite_utils:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9"],"defaultStatus":"affected","packageName":"yggdrasil-worker-forwarder","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.0.3-4.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6"],"defaultStatus":"affected","packageName":"satellite:el8/rubygem-fog-kubevirt","product":"Red Hat Satellite 6","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"This issue was discovered by Evgeni Golov (Red Hat)."}],"datePublic":"2026-01-28T12:40:37.424Z","descriptions":[{"lang":"en","value":"A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-26T20:31:44.599Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2026:5970","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"name":"RHSA-2026:5971","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5971"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-1530"},{"name":"RHBZ#2433784","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784"}],"timeline":[{"lang":"en","time":"2026-01-28T12:39:43.076Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-28T12:40:37.424Z","value":"Made public."}],"title":"Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-295: Improper Certificate Validation"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-1530","datePublished":"2026-02-02T05:47:10.049Z","dateReserved":"2026-01-28T12:41:52.835Z","dateUpdated":"2026-06-30T02:45:51.847Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-02 06:16:20","lastModifiedDate":"2026-06-30 03:17:17","problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-02T16:26:13.539148Z","id":"CVE-2026-1530","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"1530","Ordinal":"1","Title":"Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due ","CVE":"CVE-2026-1530","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"1530","Ordinal":"1","NoteData":"A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.","Type":"Description","Title":"Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due "}]}}}