RHSA-2026:28438

Vulnerability from csaf_redhat - Published: 2026-06-23 17:23 - Updated: 2026-06-24 01:55
Summary
Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
Severity
Important
Notes
Topic: A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.
Details: Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in foreman-mcp-server. The component uses two distinct logging paths that can expose session and authentication data. The first logs session identifiers, which the server treats as authentication credentials, at informational level. The second, active when debug logging is enabled, sanitizes HTTP request headers incompletely, so sensitive values such as authorization tokens and API keys are written in cleartext. The result is a confidentiality breach: authentication data persists in plain text in the container logs, and the exposure widens if those logs are forwarded to a centralized logging platform.

CWE-532 - Insertion of Sensitive Information into Log File
Affected products
Product: Red Hat Satellite 6.19
Identifier: registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64
Remediation: vendor fix (this advisory); no workaround meeting Red Hat Product Security's mitigation criteria is available
Threats
Impact: Moderate
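
The two logging weaknesses described above, worked through in Python as an added example that is not code from foreman-mcp-server or from Red Hat: an incomplete header sanitizer of the kind that produces CWE-532 findings beside a hardened one, a session-ID logger that records only a fingerprint instead of the credential-equivalent ID, and a scanner a responder can run over container or forwarded logs to find credentials that already leaked. The header names, token shapes and sample log lines are constructed for the demo and are not taken from the project.

```python
"""
Added example, not code from foreman-mcp-server or Red Hat: an incomplete
request-header sanitizer of the kind behind CWE-532 findings beside a
hardened one, a session-id logger that records only a fingerprint, and a
scanner for credentials that already reached the logs. Header names,
token shapes and the sample log lines are constructed for the demo.
"""
import hashlib
import re

# Incomplete sanitizer (assumed pattern): exact, case-sensitive match on one
# name. HTTP header names are case-insensitive, and clients send
# 'authorization', 'X-API-Key', cookies and custom token headers, none of
# which this catches.
NAIVE_DENY = {"Authorization"}


def sanitize_headers_naive(headers):
    return {k: ("[REDACTED]" if k in NAIVE_DENY else v) for k, v in headers.items()}


# Hardened sanitizer: case-insensitive name deny-list plus a value-shape
# check for credentials carried in headers the list does not name.
SENSITIVE_NAMES = {
    "authorization", "proxy-authorization", "cookie", "set-cookie",
    "x-api-key", "api-key", "x-auth-token", "mcp-session-id",
}
CREDENTIAL_SHAPE = re.compile(
    r"(?i)^(bearer|basic|token)\s+\S+$"     # scheme-prefixed credential
    r"|^[A-Za-z0-9_\-]{32,}$"                # long opaque key or token
)


def sanitize_headers(headers):
    out = {}
    for name, value in headers.items():
        if name.lower() in SENSITIVE_NAMES or CREDENTIAL_SHAPE.search(value.strip()):
            out[name] = "[REDACTED]"      # over-redaction is the safe failure
        else:
            out[name] = value
    return out


def session_fingerprint(session_id):
    """Log this instead of the id: correlatable across lines, not replayable."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


# Detection over log output: patterns for the three leak kinds the advisory
# names (authorization tokens, API keys, session identifiers).
LEAK_PATTERNS = {
    "authorization": re.compile(
        r"(?i)authorization['\"]?\s*[=:]\s*['\"]?(bearer|basic)\s+\S+"),
    "api-key": re.compile(
        r"(?i)(x-api-key|api[_-]?key)['\"]?\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
    "session-id": re.compile(
        r"(?i)session[_ -]?id['\"]?\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
}


def find_leaks(log_lines):
    """Return (line_number, kind) for every credential shape found."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for kind, pattern in LEAK_PATTERNS.items():
            if pattern.search(line):
                hits.append((n, kind))
    return hits


# Constructed sample of what a vulnerable container log might contain.
SAMPLE_LOG = [
    "INFO  created session id=a9f3c2e1b0d84f6e9c7a5b3d2e1f0a9b",
    "DEBUG request headers: {'authorization': 'Bearer eyJhbGciOiJIUzI1NiJ9.x.y', "
    "'x-api-key': 'k3y_ABCDEFGH12345678'}",
    "INFO  GET /api/hosts 200",
]

if __name__ == "__main__":
    sample = {"Authorization": "Bearer abc", "authorization": "Bearer def",
              "X-API-Key": "k3y_ABCDEFGH12345678", "Content-Type": "application/json"}
    print(sanitize_headers_naive(sample))   # only the exact-case name is redacted
    print(sanitize_headers(sample))         # all three credentials redacted
    print(find_leaks(SAMPLE_LOG))           # session id on line 1, token and key on line 2
```

The value-shape check deliberately errs toward redacting too much: a 32-character opaque request ID will be masked, which costs a little debuggability, whereas a missed token costs a credential. The scanner is the check to run against centralized logging for the period before the fixed image was deployed; any hit means the session or token on that line should be treated as compromised and rotated.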

A flaw was found in foreman-mcp-server. A session-management vulnerability in the MCP server allows unauthenticated attackers to hijack active administrative sessions: the server keeps an improper cache of authenticated client connections, trusts a non-secret session ID on later requests without re-validating the authentication token, and logs every newly created session ID to its standard logs, which puts the ID in the hands of anyone who can read those logs. This issue can result in privilege escalation and infrastructure-wide code execution. Note that the CVSS 3.1 vector Red Hat assigns (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8) scores the attack as local with low privileges required; "unauthenticated" above refers to authentication to the MCP server itself, which the cached session bypasses.

CWE-287 - Improper Authentication
Affected products
Product: Red Hat Satellite 6.19
Identifier: registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64
Remediation: vendor fix (this advisory); Red Hat identified no practical mitigation and advises updating as soon as possible
Threats
Impact: Important
Acknowledgments
CVE-2026-9073: Laura Pardo (Red Hat)
CVE-2026-12112: Laura Pardo, Toni Gornals (Red Hat)
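
The session-cache weakness behind CVE-2026-12112, modelled in Python as an added example that is not code from foreman-mcp-server or from Red Hat: a vulnerable server that caches the principal under a session ID, writes that ID to its INFO log and then serves anyone who replays it, beside a hardened server that re-validates the bearer token on every request, binds each session to a digest of the token that opened it, and logs only a fingerprint. The Mcp-Session-Id header name follows the MCP streamable HTTP transport; the token store, tool names and log format are constructed for the demo.

```python
"""
Added example (not code from foreman-mcp-server or Red Hat): a minimal model
of the session-cache weakness in CVE-2026-12112 beside a hardened variant.
The 'Mcp-Session-Id' header name follows the MCP streamable HTTP transport;
the token store, tool names and log format are constructed for the demo.
"""
import hashlib
import hmac
import secrets

# Constructed credential store: bearer token -> principal.
VALID_TOKENS = {
    "tok-admin-constructed": "admin",
    "tok-reporter-constructed": "reporter",
}


def principal_for(headers):
    """Return the principal for a valid bearer token, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):].encode()
    for token, user in VALID_TOKENS.items():
        if hmac.compare_digest(presented, token.encode()):  # constant-time
            return user
    return None


class VulnerableServer:
    """Caches the principal under the session id and serves any later request
    carrying that id without re-checking the token. The new id is also written
    to the INFO log, so a reader of container or forwarded logs can replay it."""

    def __init__(self):
        self.sessions = {}   # session id -> principal
        self.log = []

    def handle(self, headers, tool):
        sid = headers.get("Mcp-Session-Id")
        if sid in self.sessions:               # the id alone is trusted
            return f"{self.sessions[sid]}:{tool}"
        user = principal_for(headers)
        if user is None:
            return "401"
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.log.append(f"INFO created session id={sid} user={user}")
        return f"{user}:{tool}"


class HardenedServer:
    """Requires the token on every request, binds the session to a digest of
    the token that opened it, and logs only a short fingerprint of the id."""

    def __init__(self):
        self.sessions = {}   # session id -> (principal, token digest)
        self.log = []

    @staticmethod
    def _digest(headers):
        return hashlib.sha256(headers.get("Authorization", "").encode()).digest()

    def handle(self, headers, tool):
        user = principal_for(headers)          # re-validated on every request
        if user is None:
            return "401"
        sid = headers.get("Mcp-Session-Id")
        if sid is not None:
            entry = self.sessions.get(sid)
            if entry is None or entry[0] != user or \
                    not hmac.compare_digest(entry[1], self._digest(headers)):
                self.sessions.pop(sid, None)   # binding mismatch: drop session
                return "401"
            return f"{user}:{tool}"
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self._digest(headers))
        fp = hashlib.sha256(sid.encode()).hexdigest()[:12]
        self.log.append(f"INFO created session fp={fp} user={user}")
        return f"{user}:{tool}"


def ids_in_log(server):
    """What a log reader learns: full ids from the vulnerable log, none from
    the hardened one."""
    return [w[len("id="):] for line in server.log for w in line.split()
            if w.startswith("id=")]


def replay_attack(server, sid):
    """Attacker presents only a session id, no token."""
    return server.handle({"Mcp-Session-Id": sid}, "run_command")


def demo():
    admin = {"Authorization": "Bearer tok-admin-constructed"}
    results = {}
    v = VulnerableServer()
    v.handle(admin, "list_hosts")
    leaked = ids_in_log(v)
    results["vulnerable_log_leaks_id"] = bool(leaked)
    results["vulnerable"] = replay_attack(v, leaked[0])          # hijacked
    h = HardenedServer()
    h.handle(admin, "list_hosts")
    results["hardened_log_leaks_id"] = bool(ids_in_log(h))
    sid = next(iter(h.sessions))   # worst case: the id itself was stolen
    results["hardened"] = replay_attack(h, sid)                  # refused
    results["hardened_legit"] = h.handle({**admin, "Mcp-Session-Id": sid}, "list_hosts")
    other = {"Authorization": "Bearer tok-reporter-constructed", "Mcp-Session-Id": sid}
    results["hardened_other_user"] = h.handle(other, "run_command")  # refused
    return results


if __name__ == "__main__":
    for k, val in demo().items():
        print(f"{k}: {val}")
```

Two properties do the work in the hardened variant: the token is checked on every request, so the session ID is a correlation handle rather than a credential, and the session is bound to the token that created it, so even a valid but different user's token cannot ride an administrator's session. Logging a fingerprint keeps sessions traceable in the logs without making the log a credential store.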

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:28438",
        "url": "https://access.redhat.com/errata/RHSA-2026:28438"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.19/html/updating_red_hat_satellite/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.19/html/updating_red_hat_satellite/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-12112",
        "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-9073",
        "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28438.json"
      }
    ],
    "title": "Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview",
    "tracking": {
      "current_release_date": "2026-06-24T01:55:52+00:00",
      "generator": {
        "date": "2026-06-24T01:55:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:28438",
      "initial_release_date": "2026-06-23T17:23:42+00:00",
      "revision_history": [
        {
          "date": "2026-06-23T17:23:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-23T17:23:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-24T01:55:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 6.19",
                "product": {
                  "name": "Red Hat Satellite 6.19",
                  "product_id": "Red Hat Satellite 6.19",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:6.19::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                "product": {
                  "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                  "product_id": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/foreman-mcp-server-rhel9@sha256%3A0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069?arch=amd64\u0026repository_url=registry.redhat.io/satellite/foreman-mcp-server-rhel9\u0026tag=1782228692"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64 as a component of Red Hat Satellite 6.19",
          "product_id": "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        },
        "product_reference": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64",
        "relates_to_product_reference": "Red Hat Satellite 6.19"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Laura Pardo"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2026-9073",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2026-05-20T12:05:51.360000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2480151"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate impact flaw in `foreman-mcp-server` within Red Hat Satellite can lead to a confidentiality breach. The component logs sensitive session identifiers, which are treated as authentication credentials, at an informational level by default. Additionally, when debug logging is enabled, HTTP request headers containing authorization tokens and API keys are incompletely sanitized and logged in cleartext. This exposes sensitive authentication data in plain text within container logs, increasing risk if logs are aggregated or accessed by unauthorized parties.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-9073"
        },
        {
          "category": "external",
          "summary": "RHBZ#2480151",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480151"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-9073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9073"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9073",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9073"
        }
      ],
      "release_date": "2026-06-23T12:34:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T17:23:42+00:00",
          "details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28438"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Laura Pardo",
            "Toni Gornals"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2026-12112",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2026-05-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2488031"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Successful exploitation leads to privilege escalation, granting an unauthenticated attacker infrastructure-wide code execution. For this reason, this flaw has been rated Important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-12112"
        },
        {
          "category": "external",
          "summary": "RHBZ#2488031",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488031"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-12112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12112"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12112",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12112"
        }
      ],
      "release_date": "2026-06-23T14:31:23.576000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T17:23:42+00:00",
          "details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28438"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.19:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:0130440128fabdff55b67256d444d2edca40912b65e65b8569964738f85d3069_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse"
    }
  ]
}