CVE-2026-0980 | THREATINT

Description

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

PUBLISHED Reserved 2026-01-15 | Published 2026-02-27 | Updated 2026-02-27 | Assigner redhat

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

affected

Default status

affected

Timeline

2026-01-15:	Reported to Red Hat.
2020-01-15:	Made public.

References

access.redhat.com/security/cve/CVE-2026-0980 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2429874 (RHBZ#2429874) issue-tracking

cve.org (CVE-2026-0980)

nvd.nist.gov (CVE-2026-0980)

Download JSON