Insufficient Authorization Flaw in Red Hat Satellite's Content Upload Functionality
CVE-2026-12515

4.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Hardened Images
Red Hat Satellite 6
Vendor
CVE Published:
17 June 2026

What is CVE-2026-12515?

A security flaw exists in the ContentUploadsController of Red Hat Satellite, where insufficient authorization checks allow users with edit_products permissions to access content information from repositories beyond their authorized scope. An authenticated attacker could exploit this vulnerability to discover the existence of specific content in otherwise restricted repositories, posing a potential information disclosure risk. Importantly, this issue does not permit unauthorized modifications, imports, or content publication.

References

https://access.redhat.com/security/cve/CVE-2026-12515
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2489812
issue-trackingx_refsource_REDHAT
https://github.com/Katello/katello/pull/11712

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.