2433786 – (CVE-2026-1531) CVE-2026-1531 foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

Bug 2433786 (CVE-2026-1531) - CVE-2026-1531 foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

Summary: CVE-2026-1531 foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to in...

Keywords:
Status:	NEW
Alias:	CVE-2026-1531
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-28 12:52 UTC by OSIDB Bzimport
Modified:	2026-03-26 20:26 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:5970	0	None	None	None	2026-03-26 20:26:16 UTC
Red Hat Product Errata	RHSA-2026:5971	0	None	None	None	2026-03-26 20:26:38 UTC

Description OSIDB Bzimport 2026-01-28 12:52:16 UTC

Summary: MITM in foreman_kubevirt due to insecure defaults

Requirements to exploit: Being able to MITM traffic between Satellite
and OpenShift

Component affected: https://github.com/theforeman/foreman_kubevirt

Version affected: <= 0.4.0

Patch available: no

Version fixed (if any already): N/A

CVSS (optional): N/A

Impact (optional): Important

Embargo: No

Reason: The amount of affected systems should be low
Suggested public date: dd-MMM-yyyy

Acknowledgement: Evgeni Golov

Steps to reproduce if available:

Configure OpenShift Virtualization / KubeVirt in Satellite and don't
enter anything in the CA field
Mitigation if available: Explicitly set a CA

Original report: this email

When foreman_kubevirt configures the connection to OpenShift, it only
enables `kubevirt_verify_ssl` when a CA certificate was explicitly set
in the settings [1].
Normally, users would expect that the system trust store is used when
no explicit CA was set.
But in this case the whole verification is disabled instead.

Comment 2 errata-xmlrpc 2026-03-26 20:26:14 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.17 for RHEL 9

Via RHSA-2026:5970 https://access.redhat.com/errata/RHSA-2026:5970

Comment 3 errata-xmlrpc 2026-03-26 20:26:36 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2026:5971 https://access.redhat.com/errata/RHSA-2026:5971

Note You need to log in before you can comment on or make changes to this bug.