Vulnerability-Lookup

CVE-2026-12112 (GCVE-0-2026-12112)

Vulnerability from cvelistv5 – Published: 2026-06-23 19:40 – Updated: 2026-06-24 01:41

Title

Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

Summary

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

3 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:28438	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-12112	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2488031	issue-trackingx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
Red Hat	Red Hat Satellite 6.19	Unaffected: 1782228692 , < * (rpm) cpe:/a:redhat:satellite:6.19::el9

Date Public

2026-06-23 14:31

Credits

This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite/foreman-mcp-server-rhel9",
          "product": "Red Hat Satellite 6.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782228692",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Laura Pardo (Red Hat) and Toni Gornals (Red Hat)."
        }
      ],
      "datePublic": "2026-06-23T14:31:23.576Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T01:41:36.307Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:28438",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:28438"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
        },
        {
          "name": "RHBZ#2488031",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-06T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-06-23T14:31:23.576Z",
          "value": "Made public."
        }
      ],
      "title": "Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse",
      "workarounds": [
        {
          "lang": "en",
          "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-12112",
    "datePublished": "2026-06-23T19:40:51.360Z",
    "dateReserved": "2026-06-12T14:41:26.279Z",
    "dateUpdated": "2026-06-24T01:41:36.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-12112",
      "date": "2026-06-24",
      "epss": "0.00144",
      "percentile": "0.04022"
    }
  }
}

GHSA-6V32-2JC8-W595

Vulnerability from github – Published: 2026-06-23 21:30 – Updated: 2026-06-24 03:30

Details

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-12112"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T21:16:54Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.",
  "id": "GHSA-6v32-2jc8-w595",
  "modified": "2026-06-24T03:30:34Z",
  "published": "2026-06-23T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12112"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:28438"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

RHSA-2026:28438

Vulnerability from csaf_redhat - Published: 2026-06-23 17:23 - Updated: 2026-06-24 01:55

Summary

Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

Severity

Important

Notes

Topic: A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.

Details: Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-12112

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

References

15 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:28438	self
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/security/cve/CVE-2026-12112	external
https://access.redhat.com/security/cve/CVE-2026-9073	external
https://access.redhat.com/security/updates/classi…	external
https://catalog.redhat.com/software/containers/search	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-9073	self
https://bugzilla.redhat.com/show_bug.cgi?id=2480151	external
https://www.cve.org/CVERecord?id=CVE-2026-9073	external
https://nvd.nist.gov/vuln/detail/CVE-2026-9073	external
https://access.redhat.com/security/cve/CVE-2026-12112	self
https://bugzilla.redhat.com/show_bug.cgi?id=2488031	external
https://www.cve.org/CVERecord?id=CVE-2026-12112	external
https://nvd.nist.gov/vuln/detail/CVE-2026-12112	external

Acknowledgments

Red Hat Laura Pardo

Red Hat Laura Pardo Toni Gornals

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:28438",
        "url": "https://access.redhat.com/errata/RHSA-2026:28438"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.19/html/updating_red_hat_satellite/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.19/html/updating_red_hat_satellite/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-12112",
        "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-9073",
        "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28438.json"
      }
    ],
    "title": "Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview",
    "tracking": {
      "current_release_date": "2026-06-24T01:55:52+00:00",
      "generator": {
        "date": "2026-06-24T01:55:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:28438",
      "initial_release_date": "2026-06-23T17:23:42+00:00",
      "revision_history": [
        {
          "date": "2026-06-23T17:23:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-23T17:23:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-24T01:55:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 6.19",
                "product": {
                  "name": "Red Hat Satellite 6.19",
                  "product_id": "Red Hat Satellite 6.19",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:6.19::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                "product": {
                  "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                  "product_id": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/foreman-mcp-server-rhel9@sha256%3A0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069?arch=amd64\u0026repository_url=registry.redhat.io/satellite/foreman-mcp-server-rhel9\u0026tag=1782228692"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64 as a component of Red Hat Satellite 6.19",
          "product_id": "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        },
        "product_reference": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
        "relates_to_product_reference": "Red Hat Satellite 6.19"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Laura Pardo"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2026-9073",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2026-05-20T12:05:51.360000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2480151"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate impact flaw in `foreman-mcp-server` within Red Hat Satellite can lead to a confidentiality breach. The component logs sensitive session identifiers, which are treated as authentication credentials, at an informational level by default. Additionally, when debug logging is enabled, HTTP request headers containing authorization tokens and API keys are incompletely sanitized and logged in cleartext. This exposes sensitive authentication data in plain text within container logs, increasing risk if logs are aggregated or accessed by unauthorized parties.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
        },
        {
          "category": "external",
          "summary": "RHBZ#2480151",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480151"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-9073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9073"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9073",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9073"
        }
      ],
      "release_date": "2026-06-23T12:34:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T17:23:42+00:00",
          "details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28438"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Laura Pardo",
            "Toni Gornals"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2026-12112",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2026-05-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2488031"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Success exploitation leads to privilege escalation, granting an unauthenticated attacker the ability to execute infrastructure-wide code execution. Due to this reason, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
        },
        {
          "category": "external",
          "summary": "RHBZ#2488031",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12112"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12112",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12112"
        }
      ],
      "release_date": "2026-06-23T14:31:23.576000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T17:23:42+00:00",
          "details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28438"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-12112 (GCVE-0-2026-12112)

GHSA-6V32-2JC8-W595

RHSA-2026:28438

Tags

Sightings

Nomenclature