logo

Database

OS Command Injection In rubyipmi

Description

rubyipmi is vulnerable to OS Command Injection through malicious usernames A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-09802. NVD-2026-09803. OSV-2026-09804. GCVE-2026-09805. access.redhat.com6. access.redhat.com7. access.redhat.com8. ACCESS-CVE-2026-0980

References

1. https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a2152. https://bugzilla.redhat.com/show_bug.cgi?id=24298743. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.