CVE Catalog

CVE-2026-13316

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

A flaw has been found in Foreman where HTTP parameters can be modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS, GCP, or Azure environments.

Risk Assessment

The risk involves potential leakage of sensitive credentials and configuration data from cloud metadata, which could lead to unauthorized access to the organization's cloud resources.

Recommendation

Immediately update Foreman to the latest patched version and restrict access to the proxy management interface to trusted networks only.

Original NVD description (English source)

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS