CVE-2026-0980
published 2026-02-27CVE-2026-0980: A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.77%
51.0th percentile
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| logicminds | rubyipmi | <= 0.12.1 | — |
| logicminds | rubyipmi | >= 0 < 0.13.0 | 0.13.0 |
| redhat | satellite | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation requires the BMC component to be enabled and configured to use `ipmitool` as the IPMI implementation — hunt for unexpected or malformed BMC usernames submitted via host creation or update workflows in Red Hat Satellite ↗
- →Monitor Red Hat Satellite host creation/update API calls where the BMC username field contains shell metacharacters or command injection payloads, as the vulnerability is triggered via a crafted malicious username for the BMC interface ↗
- →Audit the affected package `rubygem-rubyipmi` on Red Hat Satellite 6 (satellite:el8) for patched vs. unpatched versions; unpatched installations are exploitable ↗
- ·Exploitation is only possible when the BMC component is enabled AND configured to use `ipmitool` as the IPMI implementation; environments not meeting both conditions are not exploitable ↗
- ·The attacker must be authenticated and hold host creation or update permissions in Red Hat Satellite; unauthenticated or lower-privileged users cannot trigger this vulnerability ↗
- ·No mitigation is currently available that meets Red Hat Product Security criteria; patching is the only remediation path ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username
vendor_redhat·2020-01-15·CVSS 8.3
CVE-2026-0980 [HIGH] CWE-78 rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username
rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Statement: This vulnerability is ra
GHSA
rubyipmi is vulnerable to OS Command Injection through malicious usernames
ghsa·2026-02-27
CVE-2026-0980 [HIGH] CWE-78 rubyipmi is vulnerable to OS Command Injection through malicious usernames
rubyipmi is vulnerable to OS Command Injection through malicious usernames
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
OSV
rubyipmi is vulnerable to OS Command Injection through malicious usernames
osv·2026-02-27
CVE-2026-0980 [HIGH] rubyipmi is vulnerable to OS Command Injection through malicious usernames
rubyipmi is vulnerable to OS Command Injection through malicious usernames
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
No detection rules found.
No public exploits indexed.
2026-02-27
Published