
Red Hat Satellite 6.19 for RHEL 9

Source - CNA
CNA CVEs - 1
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
1 vulnerability found

CVE-2026-4324
Assigner-Red Hat, Inc.
CVSS Score-5.4 | MEDIUM
EPSS-0.11% / 29.75%
7 Day CHG~0.00%
Published-17 Mar, 2026 | 13:52
Updated-01 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rubygem-katello: katello: denial of service and potential information disclosure via sql injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9, Red Hat Satellite 6, Red Hat Satellite 6.19 for RHEL 9, Red Hat Satellite 6.17 for RHEL 9
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')