CVE-2026-5142
Received Received - Intake

Authenticated users can bypass taxonomy scoping to download private SSH keys in Foreman

Vulnerability report for CVE-2026-5142, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Red Hat, Inc.

Description

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
redhat foreman *
redhat foreman to 2026-04-30 (inc)
foreman foreman to 2026-04-30 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5142 is a vulnerability in Foreman that allows authenticated users with the 'view_keypairs' permission to bypass taxonomy scoping controls.

This bypass enables these users to directly query key pair IDs and download private SSH keys belonging to other organizations in multi-tenant deployments.

The attack requires a valid user account with the appropriate permission and the ability to guess or enumerate predictable key pair IDs.

Impact Analysis

This vulnerability can lead to cross-tenant data exposure by allowing unauthorized access to private SSH keys from other organizations.

Compromise of private SSH keys can result in unauthorized access to systems, potentially leading to further security breaches or data loss.

Since the vulnerability affects multi-tenant deployments, it can impact multiple organizations sharing the same Foreman instance.

Detection Guidance

This vulnerability can be detected by monitoring for attempts where authenticated users with the 'view_keypairs' permission query key pair IDs directly, especially if these IDs are predictable or enumerated.

Detection involves auditing logs for unusual access patterns to private SSH keys across different organizations, particularly requests that bypass taxonomy scoping.

Since the vulnerability requires guessing or enumerating key pair IDs, commands or scripts that repeatedly request key pair data with varying IDs could indicate exploitation attempts.

Specific commands are not provided in the resources, but administrators should review Foreman access logs and API request logs for suspicious queries involving key pair IDs.

Mitigation Strategies

Immediate mitigation steps include restricting the 'view_keypairs' permission to only trusted users and roles, minimizing the number of users who can access private SSH keys.

Administrators should monitor and audit access to key pairs to detect and prevent unauthorized downloads.

Applying any available patches or updates from the Foreman product security team as soon as they are released is critical to fully resolve the issue.

Until a patch is applied, consider implementing additional access controls or network segmentation to limit exposure in multi-tenant environments.

Compliance Impact

This vulnerability leads to cross-tenant data exposure in multi-tenant deployments by allowing authenticated users with specific permissions to download private SSH keys from other organizations. Such unauthorized access to sensitive information could potentially compromise compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and prevention of data breaches.

However, the provided information does not explicitly mention the impact on compliance with these standards or any regulatory consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5142. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart