CVE-2026-13316
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
30/06/2026
Last modified:
06/07/2026
Description
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:* | 6.0 (including) | 6.19 (including) |
| cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



