A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Satellite
  • Satellite Capsule
  • Satellite Maintenance
  • Satellite Utils

No data.

No data.

References
Link Providers
https://www.spirityenterprise.com/pentest spirity
https://www.spirityenterprise.com/managed-detection-response spirity
https://access.redhat.com/errata/RHSA-2026:5970 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5971 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-1530 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2433784 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-1530 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-1530 cve-icon
History

Thu, 26 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Capsule
Redhat satellite Maintenance
Redhat satellite Utils
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite:6.17::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
cpe:/a:redhat:satellite_capsule:6.17::el9
cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite_maintenance:6.17::el9
cpe:/a:redhat:satellite_utils:6.16::el8
cpe:/a:redhat:satellite_utils:6.16::el9
cpe:/a:redhat:satellite_utils:6.17::el9
Vendors & Products Redhat satellite Capsule
Redhat satellite Maintenance
Redhat satellite Utils
References

Mon, 02 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 06:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Title fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation
First Time appeared Redhat
Redhat satellite
CPEs cpe:/a:redhat:satellite:6
Vendors & Products Redhat
Redhat satellite
References

Thu, 29 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation
Weaknesses CWE-295
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

threat_severity

Important
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-26T20:31:44.599Z

Reserved: 2026-01-28T12:41:52.835Z

Link: CVE-2026-1530

cve-icon Vulnrichment

Updated: 2026-02-02T16:26:14.451Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-02-02T06:16:20.620

Modified: 2026-03-26T21:17:01.750

Link: CVE-2026-1530

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-28T12:40:37Z

Links: CVE-2026-1530 - Bugzilla