CVE-2026-0980
HIGH WAF: High
CVSS 8.8
Published: 2026-02-27
CWE-78
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| redhat | satellite | 6.0 |
| logicminds | rubyipmi | up to 0.12.1 |
References
- access.redhat.com (Vendor Advisory)
- bugzilla.redhat.com (Issue Tracking, Vendor Advisory)