A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.78.0-3" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13316.json"
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.82.0-2" } ] }
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.85.0-1" } ] }
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.85.0-2" } ] }
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.87.2-4" } ] }
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.88.1-1" } ] }
{ "binaries": [ { "binary_name": "ruby-foreman", "binary_version": "0.90.0-1" } ] }