Vulnerability Details CVE-2026-13316
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.5%
CVSS Severity
CVSS v3 Score 4.4
Products affected by CVE-2026-13316
-
cpe:2.3:a:theforeman:foreman:-