Logging Vulnerability in Foreman MCP Server by Red Hat
CVE-2026-9073

6.2 MEDIUM

Key Information:

Vendor

Red Hat

CVE Published:
23 June 2026

What is CVE-2026-9073?

A vulnerability exists in Foreman MCP Server that can expose sensitive session and authentication information through improper logging practices. The server employs two separate logging mechanisms, and these can inadvertently log session identifiers, which function as credentials, at the informational level. If debug logging is activated, HTTP request headers may be inadequately sanitized, so sensitive information such as authorization tokens and API keys is logged in cleartext. This is a serious confidentiality risk, particularly if the logs are transmitted to a centralized logging platform. Organizations should review and update their logging settings to mitigate potential breaches.
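One way to scrub both kinds of leak described above before records reach a handler or a central log platform, as an added example (not Foreman MCP Server's code or Red Hat's fix): a Python `logging` filter that redacts credential headers and session identifiers at every level. It assumes the standard `logging` module; the header list, the message shapes, and all names are assumptions, and the sample records are constructed.

```python
import logging
import re
from collections.abc import Mapping

REDACTED = "[REDACTED]"
# Assumed list of credential-bearing header names; extend for your deployment.
SENSITIVE_HEADERS = ("authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key", "mcp-session-id")
# Matches Name: value and 'Name': 'value' for those headers in text or a dict repr.
_HEADER_RE = re.compile(
    r"(?i)\b(%s)(['\"]?\s*[:=]\s*['\"]?)([^'\",}\r\n]+)" % "|".join(SENSITIVE_HEADERS))
# Matches "session id <token>" and "session_id=<token>" (assumed message shapes).
_SESSION_RE = re.compile(r"(?i)\b(session[-_ ]?id)\b(\s*[:=]\s*|\s+)([A-Za-z0-9._-]{8,})")

def scrub_headers(headers):
    """Return a copy of a header mapping with credential values replaced."""
    return {k: REDACTED if str(k).lower() in SENSITIVE_HEADERS else v for k, v in headers.items()}

def scrub_text(text):
    """Redact header values and session identifiers embedded in a log message."""
    text = _HEADER_RE.sub(lambda m: m.group(1) + m.group(2) + REDACTED, text)
    return _SESSION_RE.sub(lambda m: m.group(1) + m.group(2) + REDACTED, text)

class RedactingFilter(logging.Filter):
    """Scrub every record, at any level, before a handler formats it."""
    def filter(self, record):
        args = record.args
        if isinstance(args, Mapping):      # logging unwraps a lone dict argument
            args = scrub_headers(args)
        elif isinstance(args, tuple):
            args = tuple(scrub_headers(a) if isinstance(a, Mapping) else a for a in args)
        record.args = args
        # Freeze the formatted, scrubbed message so later formatting cannot undo it.
        record.msg, record.args = scrub_text(record.getMessage()), None
        return True

def demo():
    """Pass constructed records (not real product log lines) through the filter."""
    samples = [
        ("Created session id %s", ("3f9c2a7e51b84d0e9a77",)),
        ("Request headers: %s", ({"Authorization": "Bearer constructed-token", "Accept": "*/*"},)),
        ("raw: X-API-Key: constructed-key-123", ()),
    ]
    out = []
    for msg, args in samples:
        rec = logging.LogRecord("demo", logging.DEBUG, "demo.py", 0, msg, args, None)
        RedactingFilter().filter(rec)
        out.append(rec.getMessage())
    return out
```

Attach the filter to each handler with `handler.addFilter(RedactingFilter())` rather than to a logger, because a logger-level filter is not applied to records propagated from child loggers. A logging path that bypasses the `logging` module needs its own scrubbing.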

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Laura Pardo (Red Hat).