RHSA-2026:28405
Vulnerability from csaf_redhat - Published: 2026-06-23 16:50 - Updated: 2026-06-23 16:51
Summary
Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
Severity
Important
Notes
Topic: A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.
Details: Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user's initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.
CVSS v3.1 base score: 5.7 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64 | — | — | Vendor Fix; Workaround |
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysis that leverages AI capabilities. You can use it to generate dynamic and comprehensive reports from your Satellite inventory.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28405",
"url": "https://access.redhat.com/errata/RHSA-2026:28405"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68158",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12112",
"url": "https://access.redhat.com/security/cve/CVE-2026-12112"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9073",
"url": "https://access.redhat.com/security/cve/CVE-2026-9073"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28405.json"
}
],
"title": "Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview",
"tracking": {
"current_release_date": "2026-06-23T16:51:53+00:00",
"generator": {
"date": "2026-06-23T16:51:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:28405",
"initial_release_date": "2026-06-23T16:50:16+00:00",
"revision_history": [
{
"date": "2026-06-23T16:50:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T16:50:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T16:51:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64",
"product": {
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64",
"product_id": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64",
"product_identification_helper": {
"purl": "pkg:oci/foreman-mcp-server-rhel9@sha256%3A1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428?arch=amd64\u0026repository_url=registry.redhat.io/satellite/foreman-mcp-server-rhel9\u0026tag=1782228427"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64"
},
"product_reference": "registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68158",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2026-01-08T19:01:41.615962+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user\u0027s initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products utilizing Authlib, such as Red Hat Ansible Automation Platform, Hosted OpenShift Clusters, Red Hat Quay, and Red Hat Satellite. The flaw arises from improper session management in Authlib\u0027s cache-backed state storage, allowing a remote attacker to perform Cross-Site Request Forgery (CSRF) by obtaining a valid state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "RHBZ#2428102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489",
"url": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228",
"url": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523"
}
],
"release_date": "2026-01-08T17:58:17.724000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T16:50:16+00:00",
"details": "For Satellite MCP integration see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28405"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:1b7b876fff71426558de0a3f790b8c62f9e34c61b9d6dd80a6c7c45154971428_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage"
}
]
}