CVE-2026-1530 (fog-kubevirt): fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

ADVISORIES

CVE-2026-1530 (NVD)
GHSA-m3hq-3qj8-c5fm
Vendor Advisory

GEM

fog-kubevirt

SEVERITY

CVSS v3.x: 8.1 (High)

PATCHED VERSIONS

>= 1.5.1

DESCRIPTION

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

https://nvd.nist.gov/vuln/detail/CVE-2026-1530
https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1
https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11
https://github.com/fog/fog-kubevirt/pull/168
https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450
https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753
https://access.redhat.com/security/cve/CVE-2026-1530
https://bugzilla.redhat.com/show_bug.cgi?id=2433784
https://github.com/advisories/GHSA-m3hq-3qj8-c5fm

RubySec

CVE-2026-1530 (fog-kubevirt): fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories