RHSA-2026:36350
Vulnerability from csaf_redhat - Published: 2026-07-07 19:24 - Updated: 2026-07-08 14:21A flaw was found in FastMCP, a framework for building MCP applications. The server does not correctly process the resource parameter provided by the client during authorization and token requests. This can lead to security tokens being issued for an unintended base URL (Uniform Resource Locator) instead of the specific MCP server. Such improper token issuance could allow an attacker to gain unauthorized access or disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
|
A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact of this flaw is scoped to the user running the tool.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the _build_url() method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences (../) to bypass the intended API prefix. This allows the attacker to access arbitrary backend endpoints, leading to authenticated Server-Side Request Forgery (SSRF). Server-Side Request Forgery (SSRF) enables an attacker to compel the server-side application to send HTTP requests to an arbitrary domain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
|
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36350",
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69196",
"url": "https://access.redhat.com/security/cve/CVE-2025-69196"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69872",
"url": "https://access.redhat.com/security/cve/CVE-2025-69872"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32871",
"url": "https://access.redhat.com/security/cve/CVE-2026-32871"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36350.json"
}
],
"title": "Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview",
"tracking": {
"current_release_date": "2026-07-08T14:21:48+00:00",
"generator": {
"date": "2026-07-08T14:21:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36350",
"initial_release_date": "2026-07-07T19:24:16+00:00",
"revision_history": [
{
"date": "2026-07-07T19:24:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-07T19:24:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T14:21:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64",
"product": {
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64",
"product_id": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64",
"product_identification_helper": {
"purl": "pkg:oci/foreman-mcp-server-rhel9@sha256%3A6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138?arch=amd64\u0026repository_url=registry.redhat.io/satellite/foreman-mcp-server-rhel9\u0026tag=1782739344"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
},
"product_reference": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69196",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2026-03-16T19:01:37.622938+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448179"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FastMCP, a framework for building MCP applications. The server does not correctly process the resource parameter provided by the client during authorization and token requests. This can lead to security tokens being issued for an unintended base URL (Uniform Resource Locator) instead of the specific MCP server. Such improper token issuance could allow an attacker to gain unauthorized access or disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: FastMCP, as utilized in several Red Hat products, contains a flaw where the server incorrectly processes the resource parameter during authorization and token requests. This can lead to security tokens being issued for an unintended base URL, potentially allowing unauthorized access or information disclosure. This affects Hosted OpenShift Clusters, Red Hat OpenShift AI, and Red Hat Satellite. Red Hat Developer Hub is not affected as the vulnerable code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69196"
},
{
"category": "external",
"summary": "RHBZ#2448179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69196"
},
{
"category": "external",
"summary": "https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj",
"url": "https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj"
}
],
"release_date": "2026-03-16T18:07:06.332000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling"
},
{
"cve": "CVE-2025-69872",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-02-11T19:01:01.798056+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439059"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact of this flaw is scoped to the user running the tool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products are not affected by this flaw in their default state. Multiple default parameters would need to be altered in order for this flaw to exploitable. Products that make use of vLLM would need to be configured to use the `outlines` backend, a specific environmental variable in the vLLM process namespace would need to be set and the attacker would need to have access to the restricted cache directory. Red Hat customers who do not alter these values are not at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69872"
},
{
"category": "external",
"summary": "RHBZ#2439059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69872"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69872",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69872"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md"
},
{
"category": "external",
"summary": "https://github.com/grantjenks/python-diskcache",
"url": "https://github.com/grantjenks/python-diskcache"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization"
},
{
"cve": "CVE-2026-32871",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-02T16:03:11.915742+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2454434"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the _build_url() method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences (../) to bypass the intended API prefix. This allows the attacker to access arbitrary backend endpoints, leading to authenticated Server-Side Request Forgery (SSRF). Server-Side Request Forgery (SSRF) enables an attacker to compel the server-side application to send HTTP requests to an arbitrary domain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important severity flaw affecting FastMCP, which is utilized in Red Hat OpenShift AI, Red Hat Satellite, Hosted OpenShift Clusters, and Ansible Services. An authenticated attacker can exploit a path traversal vulnerability in FastMCP\u0027s OpenAPI path parameter handling to achieve Server-Side Request Forgery (SSRF), allowing access to arbitrary backend endpoints. As a result of a successful exploitation of this vulnerability the attacker may be able to access private endpoints, exfiltrate data, achieving privilege escalation or by-pass security controls within the affected component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32871"
},
{
"category": "external",
"summary": "RHBZ#2454434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454434"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32871"
},
{
"category": "external",
"summary": "https://github.com/PrefectHQ/fastmcp/commit/40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71",
"url": "https://github.com/PrefectHQ/fastmcp/commit/40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71"
},
{
"category": "external",
"summary": "https://github.com/PrefectHQ/fastmcp/pull/3507",
"url": "https://github.com/PrefectHQ/fastmcp/pull/3507"
},
{
"category": "external",
"summary": "https://github.com/PrefectHQ/fastmcp/releases/tag/v3.2.0",
"url": "https://github.com/PrefectHQ/fastmcp/releases/tag/v3.2.0"
},
{
"category": "external",
"summary": "https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767",
"url": "https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767"
}
],
"release_date": "2026-04-02T14:52:39.978000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T19:24:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.