Zero Day MonitorZDM

← Back to list

8.0

CVE-2026-1961EXPLOITED

red hat · red hat satellite 6.16 for rhel

Forman: foreman: remote code execution via command injection in websocket proxy

Description

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

Affected Products

Vendor	Product	Versions
red hat	red hat satellite 6.16 for rhel	—

References

Related News (2 articles)

Tier B

BSI Advisories4h ago

[NEU] [hoch] Foreman: Schwachstelle ermöglicht Codeausführung

→ No new info (linked only)

Tier C

oss-security3d ago

CVE-2026-1961: Foreman: Remote Code Execution via command injection in WebSocket proxy

→ No new info (linked only)

CVSS 3.18.0 HIGH

CISA KEV❌ No

Actively exploited✅ Yes

Published3/26/2026

Last enriched3h agov3

Trending Score70

Source articles2

Independent2

Info Completeness7/14

Missing: versions, epss, cwe, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-28369EXP

Undertow: undertow: request smuggling via malformed http request headers

HIGHCVE-2026-28367EXP

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

HIGHCVE-2026-5119EXP

Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

NONECVE-2026-4948EXP

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

CRITICALCVE-2026-5121

Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 26, 2026

Discovered by ZDM

Mar 26, 2026

Updated: cweIds

Mar 27, 2026

Actively Exploited

Mar 27, 2026

Exploit Available

Mar 27, 2026

Updated: severity, exploitAvailable, activelyExploited

Mar 30, 2026

Version History

v3

Last enriched 3h ago

v3Tier B3h ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

severityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C3d ago

Updated severity to HIGH, marked as actively exploited, and added CWE-77.

cweIds

via oss-security

v13d ago

Initial creation