CVE-2026-0980
Received Received - Intake
Remote Code Execution in rubyipmi BMC via Malicious Username

Publication date: 2026-02-27

Last updated on: 2026-03-27

Assigner: Red Hat, Inc.

Description
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0980
EUVD
EUVD-2026-9006
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
redhat satellite 6.0
logicminds rubyipmi to 0.12.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker who has permissions to create or update hosts can exploit this flaw by crafting a malicious username for the BMC interface. Exploiting this vulnerability could allow the attacker to execute arbitrary code remotely on the affected system.

Impact Analysis

The impact of this vulnerability is significant because it allows remote code execution (RCE) on the system. This means an attacker with certain permissions could run arbitrary commands or code remotely, potentially leading to full system compromise, unauthorized access to sensitive data, disruption of services, or further attacks within the network.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart