Bug 2488031 (CVE-2026-12112) - CVE-2026-12112 foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse
Summary: CVE-2026-12112 foreman-mcp-server: MCP Server: Active Session Hijacking via I...
Keywords:
Status: NEW
Alias: CVE-2026-12112
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-11 20:32 UTC by OSIDB Bzimport
Modified: 2026-06-23 14:32 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-11 20:32:55 UTC
Description

A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions and execute actions on the Red Hat Satellite server. 

The vulnerability stems from how the AuthMiddleware caches application state. Rather than caching response data, the server caches the fully authenticated ForemanApi client connection object in an in-memory dictionary (user_map), keyed by the non secret mcp-session-id. When processing subsequent requests, the middleware improperly treats the presence of this cached object as proof of current authentication failing to re-validate the foreman_token provided in the new request and blindly trusting any payload that includes an active session ID (mcp-session-id). 

Because the server logs all newly created session IDs at the INFO level (F-32 MCP Server: Insecure Sensitive HTTP Header Sanitization), an attacker can harvest a legitimate user's ID from standard logs. Even though the foreman_token header is required, it’s not evaluated after initialization. Also, the MCP server never terminates the session. It will trust that leaked mcp-session-id forever, or until the server itself is restarted. 

Impact

The attacker achieves arbitrary API invocation capabilities by proxying JSON-RPC requests through the hijacked ForemanApi client instance. Because this cached object automatically injects the victim's valid Bearer authentication token into outgoing HTTP requests, the backend Red Hat Satellite server evaluates all requests against the victim's Role-Based Access Control (RBAC) profile.  

Successful exploitation leads to Privilege Escalation, granting an unauthenticated attacker the ability to execute Infrastructure-wide Remote Code Execution (RCE), if enabled. 

Recommendations

Update AuthMiddleware to Implement Per-Request Token Validation. Every incoming request must validate the foreman_token, even if a session ID exists. The server must cryptographically verify the request header's token against the associated session's token. Mismatched tokens must result in a 401 Unauthorized rejection, and the session should be invalidated to prevent hijacking. This aligns with MCP security best practices, which mandate that authorization-implementing servers MUST verify all requests and MUST NOT use sessions for authentication.


Note You need to log in before you can comment on or make changes to this bug.