CVE-2026-13316

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
30/06/2026
Last modified:
06/07/2026

Description

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:* 6.0 (including) 6.19 (including)
cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*