{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1530", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-28T12:41:52.835Z", "datePublished": "2026-02-02T05:47:10.049Z", "dateUpdated": "2026-02-02T16:28:31.327Z"}, "containers": {"cna": {"title": "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-fog-kubevirt", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite:el8/rubygem-fog-kubevirt", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1530", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784", "name": "RHBZ#2433784", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-01-28T12:40:37.424Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-295: Improper Certificate Validation", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2026-01-28T12:39:43.076000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-28T12:40:37.424000+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Evgeni Golov (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-02-02T05:47:10.049Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T16:26:13.539148Z", "id": "CVE-2026-1530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:28:31.327Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-02T16:26:13.539148Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:26:14.451Z"}}], "cna": {"title": "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "credits": [{"lang": "en", "value": "This issue was discovered by Evgeni Golov (Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "packageName": "rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6"], "vendor": "Red Hat", "product": "Red Hat Satellite 6", "packageName": "satellite:el8/rubygem-fog-kubevirt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-01-28T12:39:43.076000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-28T12:40:37.424000+00:00", "value": "Made public."}], "datePublic": "2026-01-28T12:40:37.424Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1530", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784", "name": "RHBZ#2433784", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-02-02T05:47:10.049Z"}, "x_redhatCweChain": "CWE-295: Improper Certificate Validation"}}, "cveMetadata": {"cveId": "CVE-2026-1530", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:28:31.327Z", "dateReserved": "2026-01-28T12:41:52.835Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-02-02T05:47:10.049Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."}], "id": "CVE-2026-1530", "lastModified": "2026-02-03T16:44:36.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-02-02T06:16:20.620", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-1530"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Evgeni Golov (Red Hat).", "bugzilla": {"description": "fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation", "id": "2433784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-1530", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "rubygem-fog-kubevirt", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite:el8/rubygem-fog-kubevirt", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-01-28T12:40:37Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1530\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1530"], "statement": "This is an IMPORTANT flaw in fog-kubevirt, a component used by Red Hat Satellite for managing OpenShift Virtualization/KubeVirt. The vulnerability allows a Man-in-the-Middle (MITM) attack due to disabled certificate validation. An attacker capable of intercepting traffic between Satellite and OpenShift could exploit this to compromise sensitive communications.", "threat_severity": "Important"}