CVE-2026-5135

Source
https://cve.org/CVERecord?id=CVE-2026-5135
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5135.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5135
Downstream
Published
2026-07-01T14:08:39.712Z
Modified
2026-07-15T01:49:18.051619560Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Foreman: foreman: unauthorized modification of host configurations via broken access control
Details

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.

Database specific
{
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5135.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git
github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.3
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5135.json"
github.com/theforeman/foreman-installer

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.1
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5135.json"
github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5135.json"