CVE-2026-12515

🗓️ 17 Jun 2026 15:34:00Reported by redhatType

Katello content uploads flaw leaks content existence in unauthorized repositories to users with edit products.

Reporter	Title	Published	Views	Family All 6
Circl	CVE-2026-12515	17 Jun 202618:31	–	circl
Cvelist	CVE-2026-12515 Katello: missing repository authorization in content_uploads exposes cross-product content existence	17 Jun 202615:34	–	cvelist
EUVD	EUVD-2026-37746	17 Jun 202615:34	–	euvd
NVD	CVE-2026-12515	17 Jun 202617:16	–	nvd
Positive Technologies	PT-2026-50457	17 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-12515	17 Jun 202615:29	–	redhatcve

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Hardened Images",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ctags",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:hummingbird:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "katello",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rubygem-katello",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite:el8/katello",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite:el8/rubygem-katello",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/Katello/katello/pull/11712
access	www.access.redhat.com/security/cve/CVE-2026-12515

17 Jun 2026 20:20Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.14.3

CWE-862