cbcvebase.
CVE-2026-0980
published 2026-02-27

CVE-2026-0980: A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host…

PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.77%
51.0th percentile
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

Affected

3 ranges
VendorProductVersion rangeFixed in
logicmindsrubyipmi<= 0.12.1
logicmindsrubyipmi>= 0 < 0.13.00.13.0
redhatsatellite

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation requires the BMC component to be enabled and configured to use `ipmitool` as the IPMI implementation — hunt for unexpected or malformed BMC usernames submitted via host creation or update workflows in Red Hat Satellite
  • Monitor Red Hat Satellite host creation/update API calls where the BMC username field contains shell metacharacters or command injection payloads, as the vulnerability is triggered via a crafted malicious username for the BMC interface
  • Audit the affected package `rubygem-rubyipmi` on Red Hat Satellite 6 (satellite:el8) for patched vs. unpatched versions; unpatched installations are exploitable
  • ·Exploitation is only possible when the BMC component is enabled AND configured to use `ipmitool` as the IPMI implementation; environments not meeting both conditions are not exploitable
  • ·The attacker must be authenticated and hold host creation or update permissions in Red Hat Satellite; unauthenticated or lower-privileged users cannot trigger this vulnerability
  • ·No mitigation is currently available that meets Red Hat Product Security criteria; patching is the only remediation path

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.3HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.