Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged

Filter by:

With package: home-assistant-component-tests.assist_satellite

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-1961

8.0 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Forman: foreman: remote code execution via command injection in websocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.

References

RHSA-2026:5968 x_refsource_REDHATvendor-advisory
RHSA-2026:5970 x_refsource_REDHATvendor-advisory
RHSA-2026:5971 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2026-1961 vdb-entryx_refsource_REDHAT
RHBZ#2437036 issue-trackingx_refsource_REDHAT

Affected products

foreman

*

libcomps

*

satellite

*

python-brotli

*

python-django

*

python-pulp-rpm

*

rubygem-katello

*

rubygem-rubyipmi

*

rubygem-fog-kubevirt

*

python-pulp-container

*

rubygem-foreman_kubevirt

*

yggdrasil-worker-forwarder

*

satellite-utils:el8/foreman

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

nixos-unstable 0.87.2
- nixpkgs-unstable 0.87.2
- nixos-unstable-small 0.87.2
nixos-25.11 0.87.2
- nixos-25.11-small 0.87.2
- nixpkgs-25.11-darwin 0.87.2

pkgs.libcomps

Comps XML file manipulation library

nixos-unstable 0.1.24
- nixpkgs-unstable 0.1.24
- nixos-unstable-small 0.1.24
nixos-25.11 0.1.23
- nixos-25.11-small 0.1.23
- nixpkgs-25.11-darwin 0.1.23

pkgs.satellite

Program for showing navigation satellite data

nixos-unstable 0.9.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1
nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.wyoming-satellite

Remote voice satellite using Wyoming protocol

nixos-unstable 1.4.1
- nixpkgs-unstable 1.4.1
- nixos-unstable-small 1.4.1
nixos-25.11 1.4.1
- nixos-25.11-small 1.4.1
- nixpkgs-25.11-darwin 1.4.1

pkgs.xwayland-satellite

Xwayland outside your Wayland compositor

nixos-unstable 0.8.1
- nixpkgs-unstable 0.8.1
- nixos-unstable-small 0.8.1
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.python312Packages.libcomps

Comps XML file manipulation library

nixos-25.11 0.1.23
- nixos-25.11-small 0.1.23
- nixpkgs-25.11-darwin 0.1.23

pkgs.python313Packages.libcomps

Comps XML file manipulation library

nixos-unstable 0.1.24
- nixpkgs-unstable 0.1.24
- nixos-unstable-small 0.1.24
nixos-25.11 0.1.23
- nixos-25.11-small 0.1.23
- nixpkgs-25.11-darwin 0.1.23

pkgs.python314Packages.libcomps

Comps XML file manipulation library

nixos-unstable 0.1.24
- nixpkgs-unstable 0.1.24
- nixos-unstable-small 0.1.24

pkgs.home-assistant-component-tests.assist_satellite

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.assist_satellite

Open source home automation that puts local control and privacy first

nixos-unstable 2026.3.3
- nixpkgs-unstable 2026.3.3
- nixos-unstable-small 2026.3.4

Package maintainers

@zimbatm zimbatm <zimbatm@zimbatm.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@katexochen Paul Meyer <katexochen0@gmail.com>
@Luflosi Luflosi <luflosi@luflosi.de>
@getchoo Seth Flynn <getchoo@tuta.io>
@if-loop69420 Jeremy Sztavinovszki <j.sztavi@pm.me>
@sodiboo sodiboo

1