Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-12112— Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

CVSS 7.8 · High EPSS 0.15% · P5

Possible ATT&CK Techniques 1AI

T1078 · Valid Accounts

Affected Version Matrix 1

VendorProductVersion RangeStatus
Red HatRed Hat Satellite 6.191782228692< *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-12112

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
The Foreman foreman-mcp-server 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
The Foreman foreman-mcp-server是The Foreman组织的一个连接Foreman基础设施管理平台的MCP服务器。 The Foreman foreman-mcp-server存在授权问题漏洞,该漏洞源于会话管理问题,未经验证的攻击者可能劫持活动管理会话,导致权限提升和基础设施范围内的代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Satellite 6.19 1782228692 ~ * cpe:/a:redhat:satellite:6.19::el9

II. Public POCs for CVE-2026-12112

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-12112

登录查看更多情报信息。

Vendor Advisories for CVE-2026-12112 (1)

Other References for CVE-2026-12112 (2)

Same Patch Batch · Red Hat · 2026-06-23 · 12 CVEs total

CVE-2026-118079.6 CRITICALEda-server: websocket missing authorization allows credential theft via activation_id spoo
CVE-2026-106096.8 MEDIUMOpenshift/cluster-logging-operator: cluster logging operator creates and forwards servicea
CVE-2026-118206.5 MEDIUMCommunity.general: community.general nexmo — api credentials exposed in get url query stri
CVE-2026-90736.2 MEDIUMForeman-mcp-server: mcp server: insecure sensitive http header sanitization
CVE-2026-118195.5 MEDIUMCommunity.general: community.general keyring_info — os keyring passphrase returned in plai
CVE-2026-129695.3 MEDIUMDnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation
CVE-2026-556555.0 MEDIUMOpenssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat ente
CVE-2026-128924.4 MEDIUMGstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 na
CVE-2026-556534.3 MEDIUMOpenssh: double free in red hat enterprise linux versions of openssh dh-gex client path du
CVE-2026-128914.3 MEDIUMGstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266
CVE-2026-556543.7 LOWOpenssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi in

IV. Related Vulnerabilities

V. Comments for CVE-2026-12112

No comments yet


Leave a comment