Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:34367 - Security Advisory
Issued:
2026-07-01
Updated:
2026-07-01

RHSA-2026:34367 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Satellite 6.16.10 Async Update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

  • satellite-capsule:el8/foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation (CVE-2026-5136)
  • foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation (CVE-2026-5136)
  • foreman: Foreman: Information disclosure via improper validation of nested request parameters (CVE-2026-5138)
  • satellite-capsule:el8/foreman: Foreman: Information disclosure via improper validation of nested request parameters (CVE-2026-5138)
  • satellite-capsule:el8/foreman: Foreman: Unauthorized modification of host configurations via broken access control (CVE-2026-5135)
  • foreman: Foreman: Unauthorized modification of host configurations via broken access control (CVE-2026-5135)
  • foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass (CVE-2026-5142)
  • satellite-capsule:el8/foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass (CVE-2026-5142)

Bug Fix(es):

  • foreman-maintain from eus repository not enabling proper repos (SAT-47220)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Satellite Extended Update Support 6.16 for RHEL 9 x86_64
  • Red Hat Satellite Extended Update Support 6.16 for RHEL 8 x86_64
  • Red Hat Satellite Capsule Extended Update Support 6.16 for RHEL 9 x86_64
  • Red Hat Satellite Capsule Extended Update Support 6.16 for RHEL 8 x86_64

Fixes

  • BZ - 2452230 - CVE-2026-5135 foreman: Foreman: Unauthorized modification of host configurations via broken access control
  • BZ - 2452970 - CVE-2026-5136 foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation
  • BZ - 2452971 - CVE-2026-5138 foreman: Foreman: Information disclosure via improper validation of nested request parameters
  • BZ - 2452999 - CVE-2026-5142 foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass
  • SAT-47220 - foreman-maintain from eus repository not enabling proper repos

CVEs

  • CVE-2026-5135
  • CVE-2026-5136
  • CVE-2026-5138
  • CVE-2026-5142

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
foreman-3.12.0.17-1.el9sat.src.rpm SHA-256: 2a6dcc9808cb9f50237d3b36ac8baa648cbd032febbcecce1fff7e1ec066abf0
rubygem-foreman_maintain-1.7.14-2.el9sat.src.rpm SHA-256: da48623d6fa512f84f7790e27c4878ff78a3c58248009cbe3a6a61c9a4cc985f
satellite-6.16.10-1.el9sat.src.rpm SHA-256: 424aba63a6756d80946912ddf546168b47096bc3c3461d8ae5edf5b9ca51aa46
x86_64
foreman-cli-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 94f1c7d0ad04400ec5dcd6fa7beebf6323ae8e8a14dfd3860cee2e6be36c4f82
rubygem-foreman_maintain-1.7.14-2.el9sat.noarch.rpm SHA-256: 1dacad7d07396d9d0f9a0c3c28ac3e3c8382ad70538c33db60fbe02dce3e5fdc
satellite-cli-6.16.10-1.el9sat.noarch.rpm SHA-256: 268ad8239f7924325a4d82061933e1d14299316bb0262af3a27cda0e0e5d9a03

Red Hat Enterprise Linux for x86_64 8

SRPM
foreman-3.12.0.17-1.el8sat.src.rpm SHA-256: edcd79fd0434a33fad5afa637c4185bd5cc9520684d28b962bbf66d1054f2ff7
rubygem-foreman_maintain-1.7.14-2.el8sat.src.rpm SHA-256: 07a53f98dae0d953833e0bfd2b79cdbdab281a43fc11a782f808c9ee1b50316d
satellite-6.16.10-1.el8sat.src.rpm SHA-256: 36c35f17c6f32064815948c3345c8d642051576795b4c9dff36bc5a371079945
x86_64
foreman-cli-3.12.0.17-1.el8sat.noarch.rpm SHA-256: aeb78b2b9449c478d3664dc9906423572588f8e64ec2fee5c6a88d889bc91764
rubygem-foreman_maintain-1.7.14-2.el8sat.noarch.rpm SHA-256: b3f5fc7520a85253daa1eada8205c25799be3bceed4053c48447c9e7619f04a9
satellite-cli-6.16.10-1.el8sat.noarch.rpm SHA-256: ab9b94867db9d468722703bf0234d5d702b114021ac6d0c84479ed057f89bb83

Red Hat Satellite Extended Update Support 6.16 for RHEL 9

SRPM
foreman-3.12.0.17-1.el9sat.src.rpm SHA-256: 2a6dcc9808cb9f50237d3b36ac8baa648cbd032febbcecce1fff7e1ec066abf0
rubygem-foreman_maintain-1.7.14-2.el9sat.src.rpm SHA-256: da48623d6fa512f84f7790e27c4878ff78a3c58248009cbe3a6a61c9a4cc985f
satellite-6.16.10-1.el9sat.src.rpm SHA-256: 424aba63a6756d80946912ddf546168b47096bc3c3461d8ae5edf5b9ca51aa46
x86_64
foreman-3.12.0.17-1.el9sat.noarch.rpm SHA-256: c98c48cfcd1d237780f8391da487e4b93b4d8f2a51d443b56e4e493ab0ace91c
foreman-cli-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 94f1c7d0ad04400ec5dcd6fa7beebf6323ae8e8a14dfd3860cee2e6be36c4f82
foreman-debug-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 62fca3e1ede46c281d56216dc9068b711937c3e8183e81b6c3dd9fb671679e36
foreman-dynflow-sidekiq-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 8f71f2b660fe647e57a1b8322242a03cbfb58cbeac541f87a3a85a9a22ad8baa
foreman-ec2-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 3134be8984335384a8fed0979192ab60c9ebce8574135b61b393d827ae974497
foreman-journald-3.12.0.17-1.el9sat.noarch.rpm SHA-256: fc487891c222517caa7e44185c20cb47ac4b84248a5796a9a8a47a841dc36c6d
foreman-libvirt-3.12.0.17-1.el9sat.noarch.rpm SHA-256: ca8a18dfbe47e4b6be221ccd298a52c1637d452b748cf6340f0d86721af4e286
foreman-openstack-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 5ecce3885c8fe22b4c70d5fd87e91f3e6fe332a56122dd2a4d67aaf4bb271c63
foreman-ovirt-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 7cbfcbf5b8b7639c3db3a4a87b5e24ef5fb4f2e8a2ea76db965340f38e1afbb6
foreman-pcp-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 3371437e9050a672a1d217e65b16eb5e9fc99e442968d84a133ba6639c1dbe84
foreman-postgresql-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 6d604f76dd8fe070f41edd1be3f2d94407017ae83ec013f01445155b272eec01
foreman-redis-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 95e7b6dd50940767c33f8393dedf15b6cc873a9c5b9ab24eaf79697d7e508e0b
foreman-service-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 5820132fad10bb4873a7c85415b792c850931644b381d004fc6c943994cfe721
foreman-telemetry-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 17691589fcfb38cbc1eb95de9b991a352de66630254ef3805f40297c08cbfded
foreman-vmware-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 82e407c34b7293d75b27892827d64edc88d4d4d909af1bb724184fc028da500d
rubygem-foreman_maintain-1.7.14-2.el9sat.noarch.rpm SHA-256: 1dacad7d07396d9d0f9a0c3c28ac3e3c8382ad70538c33db60fbe02dce3e5fdc
satellite-6.16.10-1.el9sat.noarch.rpm SHA-256: 3138a69dac25689bba94a83cda49fe7336972efda0ff522784bdc6a552dd1092
satellite-cli-6.16.10-1.el9sat.noarch.rpm SHA-256: 268ad8239f7924325a4d82061933e1d14299316bb0262af3a27cda0e0e5d9a03
satellite-common-6.16.10-1.el9sat.noarch.rpm SHA-256: 3d2265b7a0ca4e5a738056d00a359641d1d45dd293bab927c8a3381387f75943

Red Hat Satellite Extended Update Support 6.16 for RHEL 8

SRPM
foreman-3.12.0.17-1.el8sat.src.rpm SHA-256: edcd79fd0434a33fad5afa637c4185bd5cc9520684d28b962bbf66d1054f2ff7
rubygem-foreman_maintain-1.7.14-2.el8sat.src.rpm SHA-256: 07a53f98dae0d953833e0bfd2b79cdbdab281a43fc11a782f808c9ee1b50316d
satellite-6.16.10-1.el8sat.src.rpm SHA-256: 36c35f17c6f32064815948c3345c8d642051576795b4c9dff36bc5a371079945
x86_64
foreman-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 96ccb11424f00c112551fd6a15fcfe72f4db183644fc7e0d3537b4f274038c41
foreman-cli-3.12.0.17-1.el8sat.noarch.rpm SHA-256: aeb78b2b9449c478d3664dc9906423572588f8e64ec2fee5c6a88d889bc91764
foreman-debug-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 16001ebea5500189d996b7500544c9cb91fb8682f2b987fc83075a5f231e074a
foreman-dynflow-sidekiq-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 78dbd7c2e300c4f4f090404570d7dc4fa8c8b1c2066311acad00c027dce40fb4
foreman-ec2-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 1a0227b7d39554b62fac3bb6c0940891fc026e8f7eb0520c6e19f7d17c60b787
foreman-journald-3.12.0.17-1.el8sat.noarch.rpm SHA-256: a0c5f88557e844b5906100964cd600bc66b76038986c27ff51079b357df724db
foreman-libvirt-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 160d07f000c974c1772b4f24d198fc9ca7e76a2b878e6a762b1109329d56a559
foreman-openstack-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 2fbee0f88ee4ea7c4470dfb1527aa471dfb0e466697a5a8cdc4b297beab9cce6
foreman-ovirt-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 1fbeee1b04d7524bc4f6facf30f493542ae0a12e8f493c847251d00c2883b8f8
foreman-pcp-3.12.0.17-1.el8sat.noarch.rpm SHA-256: aa075f23aed26d8c7e0f2cb9216f88fb8dfd8aeb2602c06a676b7ed04f37a0cd
foreman-postgresql-3.12.0.17-1.el8sat.noarch.rpm SHA-256: bf82c8df902b6399d4c7c8379cae4ba347113e1ba86b461311abfce31940a248
foreman-redis-3.12.0.17-1.el8sat.noarch.rpm SHA-256: e510fd97940ae7513c74fef615a526c4c8e4d83c09b8e1aef23ef2ec2a851da1
foreman-service-3.12.0.17-1.el8sat.noarch.rpm SHA-256: e6c4b186ea839e978bd0b434902a5582a194be28d5842442964cf6b72faa218d
foreman-telemetry-3.12.0.17-1.el8sat.noarch.rpm SHA-256: cae2d693ebf80e4178c4677b58a68120f8198a9e4ae715c40704c362a46752ed
foreman-vmware-3.12.0.17-1.el8sat.noarch.rpm SHA-256: b8e26a3f2599062eb65467b74e6c5370d9ca629a10e771220deff19ee720dd5f
rubygem-foreman_maintain-1.7.14-2.el8sat.noarch.rpm SHA-256: b3f5fc7520a85253daa1eada8205c25799be3bceed4053c48447c9e7619f04a9
satellite-6.16.10-1.el8sat.noarch.rpm SHA-256: 36ff00fbadfa0a9c6bf6efc033c469076ca68454eb48f7dada8813ce613d323c
satellite-cli-6.16.10-1.el8sat.noarch.rpm SHA-256: ab9b94867db9d468722703bf0234d5d702b114021ac6d0c84479ed057f89bb83
satellite-common-6.16.10-1.el8sat.noarch.rpm SHA-256: 488b3900addaee6e8867629d0ab0c69af17bbc2668d9f93c5b61fa3f1ec30586

Red Hat Satellite Capsule Extended Update Support 6.16 for RHEL 9

SRPM
foreman-3.12.0.17-1.el9sat.src.rpm SHA-256: 2a6dcc9808cb9f50237d3b36ac8baa648cbd032febbcecce1fff7e1ec066abf0
rubygem-foreman_maintain-1.7.14-2.el9sat.src.rpm SHA-256: da48623d6fa512f84f7790e27c4878ff78a3c58248009cbe3a6a61c9a4cc985f
satellite-6.16.10-1.el9sat.src.rpm SHA-256: 424aba63a6756d80946912ddf546168b47096bc3c3461d8ae5edf5b9ca51aa46
x86_64
foreman-debug-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 62fca3e1ede46c281d56216dc9068b711937c3e8183e81b6c3dd9fb671679e36
foreman-pcp-3.12.0.17-1.el9sat.noarch.rpm SHA-256: 3371437e9050a672a1d217e65b16eb5e9fc99e442968d84a133ba6639c1dbe84
rubygem-foreman_maintain-1.7.14-2.el9sat.noarch.rpm SHA-256: 1dacad7d07396d9d0f9a0c3c28ac3e3c8382ad70538c33db60fbe02dce3e5fdc
satellite-capsule-6.16.10-1.el9sat.noarch.rpm SHA-256: c9a16e98c94befbe8f33bccfbd72f78f548f32fea1b7a44465c86f0dbe4e0926
satellite-common-6.16.10-1.el9sat.noarch.rpm SHA-256: 3d2265b7a0ca4e5a738056d00a359641d1d45dd293bab927c8a3381387f75943

Red Hat Satellite Capsule Extended Update Support 6.16 for RHEL 8

SRPM
foreman-3.12.0.17-1.el8sat.src.rpm SHA-256: edcd79fd0434a33fad5afa637c4185bd5cc9520684d28b962bbf66d1054f2ff7
rubygem-foreman_maintain-1.7.14-2.el8sat.src.rpm SHA-256: 07a53f98dae0d953833e0bfd2b79cdbdab281a43fc11a782f808c9ee1b50316d
satellite-6.16.10-1.el8sat.src.rpm SHA-256: 36c35f17c6f32064815948c3345c8d642051576795b4c9dff36bc5a371079945
x86_64
foreman-debug-3.12.0.17-1.el8sat.noarch.rpm SHA-256: 16001ebea5500189d996b7500544c9cb91fb8682f2b987fc83075a5f231e074a
foreman-pcp-3.12.0.17-1.el8sat.noarch.rpm SHA-256: aa075f23aed26d8c7e0f2cb9216f88fb8dfd8aeb2602c06a676b7ed04f37a0cd
rubygem-foreman_maintain-1.7.14-2.el8sat.noarch.rpm SHA-256: b3f5fc7520a85253daa1eada8205c25799be3bceed4053c48447c9e7619f04a9
satellite-capsule-6.16.10-1.el8sat.noarch.rpm SHA-256: 9b81724840fee4cce2075c73ff4e5877e9ae2dbe8046860bd1b7ea2342cba340
satellite-common-6.16.10-1.el8sat.noarch.rpm SHA-256: 488b3900addaee6e8867629d0ab0c69af17bbc2668d9f93c5b61fa3f1ec30586

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility