Description
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
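The root cause described above is a sort parameter that reaches the database unvalidated. The Ruby below is an added example, not Katello's own code, showing the defensive pattern a Rails API endpoint would use: the user-supplied `sort_by` value is mapped through an allowlist of column names and directions, so only server-defined identifiers ever appear in the ORDER BY clause and malformed input is answered with a 400 instead of a database error. The column names, `bootc_images` table name and helper names are assumptions for illustration.

```ruby
# Added example (not Katello's code): validate a user-supplied sort_by
# parameter against an allowlist before it reaches an ORDER BY clause.
# Table and column names below are hypothetical.

SORTABLE_COLUMNS = {
  "name"       => "bootc_images.name",
  "created_at" => "bootc_images.created_at",
  "digest"     => "bootc_images.digest",
}.freeze

SORT_DIRECTIONS = %w[asc desc].freeze

class InvalidSortError < ArgumentError; end

# The unsafe pattern this guards against is interpolating the raw
# parameter into the query string, e.g. "ORDER BY #{params[:sort_by]}".
#
# Accepts "column" or "column DIRECTION" (direction case-insensitive) and
# returns an ORDER BY fragment built only from allowlisted identifiers,
# never from the input itself. Anything else raises InvalidSortError.
def safe_order_clause(sort_by)
  return "#{SORTABLE_COLUMNS.fetch('name')} ASC" if sort_by.nil? || sort_by.strip.empty?

  column, direction, *extra = sort_by.to_s.strip.split(/\s+/)
  raise InvalidSortError, "malformed sort_by" unless extra.empty?

  sql_column = SORTABLE_COLUMNS[column.downcase]
  raise InvalidSortError, "unsortable column" if sql_column.nil?

  direction = (direction || "asc").downcase
  raise InvalidSortError, "bad direction" unless SORT_DIRECTIONS.include?(direction)

  "#{sql_column} #{direction.upcase}"
end

# Controller-friendly wrapper: [clause, nil] on success, [nil, message] on
# rejection, so the caller can return HTTP 400 rather than letting the
# database raise on a bad clause (the error path behind the DoS above).
def order_clause_or_error(sort_by)
  [safe_order_clause(sort_by), nil]
rescue InvalidSortError => e
  [nil, e.message]
end
```

Because the rejected requests never touch the database, logging the `InvalidSortError` message at the API layer also gives a clean detection signal for probing of this parameter.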
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
0:3.14.0.14-1.el9sat (rpm) before *
0:0.1.23-0.3.el9pc (rpm) before *
0:1.2.0-0.1.el9pc (rpm) before *
0:4.2.28-0.1.el9pc (rpm) before *
0:2.22.3-1.el9pc (rpm) before *
0:3.27.10-2.el9pc (rpm) before *
0:1.5.1-1.el9sat (rpm) before *
0:0.4.3-1.el9sat (rpm) before *
0:4.16.0.14-1.el9sat (rpm) before *
0:0.13.0-1.el9sat (rpm) before *
0:6.17.7-1.el9sat (rpm) before *
0:0.0.3-4.el9sat (rpm) before *
0:3.14.0.14-1.el9sat (rpm) before *
0:0.1.23-0.3.el9pc (rpm) before *
0:1.2.0-0.1.el9pc (rpm) before *
0:4.2.28-0.1.el9pc (rpm) before *
0:2.22.3-1.el9pc (rpm) before *
0:3.27.10-2.el9pc (rpm) before *
0:1.5.1-1.el9sat (rpm) before *
0:0.4.3-1.el9sat (rpm) before *
0:4.16.0.14-1.el9sat (rpm) before *
0:0.13.0-1.el9sat (rpm) before *
0:6.17.7-1.el9sat (rpm) before *
0:0.0.3-4.el9sat (rpm) before *
0:4.18.0.9-1.el9sat (rpm) before *
Timeline
| Date | Event |
|---|---|
| 2026-03-17 | Reported to Red Hat. |
| 2026-03-17 | Made public. |
References
access.redhat.com/errata/RHSA-2026:5968 (RHSA-2026:5968)
access.redhat.com/errata/RHSA-2026:5970 (RHSA-2026:5970)
access.redhat.com/security/cve/CVE-2026-4324
bugzilla.redhat.com/show_bug.cgi?id=2448349 (RHBZ#2448349)