CVE-2026-0980

CWE-78 — OS Command Injection6 documents6 sources

Severity

8.8HIGH

EPSS

0.1%

top 74.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Logicminds Rubyipmi Redhat Satellite

Timeline

PublishedFeb 27

Description

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages3 packages

▶RubyGemsrubyipmi< 0.13.0

▶NVDlogicminds/rubyipmi0.12.1

▶NVDredhat/satellite6.0

🔴Vulnerability Details

GHSA

rubyipmi is vulnerable to OS Command Injection through malicious usernames↗2026-02-27

▶

CVEList

Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username↗2026-02-27

▶

OSV

rubyipmi is vulnerable to OS Command Injection through malicious usernames↗2026-02-27

▶

📋Vendor Advisories

Red Hat

rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username↗2020-01-15

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0980 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶