CVE-2026-5136

Source
https://cve.org/CVERecord?id=CVE-2026-5136
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5136.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5136
Downstream
Published
2026-07-01T13:28:00.316Z
Modified
2026-07-15T01:48:49.895369834Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
Details

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5136.json",
    "cwe_ids": [
        "CWE-266"
    ],
    "cna_assigner": "redhat"
}
References

Affected packages

Git
github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ]
}

Affected versions

0.*
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.3
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5136.json"
github.com/theforeman/foreman-installer

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ]
}

Affected versions

1.*
1.0.1
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5136.json"
github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.2"
        },
        {
            "introduced": "3.19.0"
        },
        {
            "fixed": "3.19.1"
        }
    ]
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
3.*
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5136.json"