SSRF Vulnerability in Foreman Affects Cloud Metadata Services
CVE-2026-13316

4.4 MEDIUM

Key Information:

Vendor: Red Hat

CVE Published: 30 June 2026

What is CVE-2026-13316?

A vulnerability exists in Foreman where improper handling of HTTP parameters in the http_proxies_controller and related files allows attackers to execute Server-Side Request Forgery (SSRF) attacks. This can result in unauthorized access to cloud metadata services on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure environments, potentially exposing sensitive information. Organizations using Foreman should take immediate action to patch this vulnerability to safeguard their cloud deployments.

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
