CVE-2026-1530: fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
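The failure mode described above, as an added example that is not fog-kubevirt's own code: Ruby's `Net::HTTP` stands in for the API client, and the hostname, port, helper names and certificates are constructed for illustration. It models, offline, which presented certificates a client accepts with validation disabled and with validation pinned to the cluster CA.

```ruby
require "net/http"
require "openssl"

# Constructed test material: a throwaway self-signed certificate for CN=cn.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Client as the flaw describes it: TLS on, certificate validation off.
def unverified_client(host, port)
  Net::HTTP.new(host, port).tap do |h|
    h.use_ssl = true
    h.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
end

# Hardened client: validate the peer chain against the cluster CA only.
def verified_client(host, port, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  Net::HTTP.new(host, port).tap do |h|
    h.use_ssl = true
    h.verify_mode = OpenSSL::SSL::VERIFY_PEER
    h.cert_store = store
  end
end

# Models the chain-validation decision the handshake would make for a
# presented certificate (hostname matching is a separate check, not modelled).
def accepts?(http, presented)
  return true if http.verify_mode == OpenSSL::SSL::VERIFY_NONE
  store = http.cert_store || OpenSSL::X509::Store.new.tap(&:set_default_paths)
  store.verify(presented)
end

CLUSTER_CA  = self_signed("api.cluster.example") # what the real API presents
INTERCEPTOR = self_signed("api.cluster.example") # same name, different key
```

With validation off, the client has no way to tell the two certificates apart, so any endpoint on the network path can terminate the TLS session.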
References
- access.redhat.com/security/cve/CVE-2026-1530
- bugzilla.redhat.com/show_bug.cgi?id=2433784
- github.com/advisories/GHSA-m3hq-3qj8-c5fm
- github.com/fog/fog-kubevirt
- github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1
- github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450
- github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753
- github.com/fog/fog-kubevirt/pull/168
- github.com/fog/fog-kubevirt/releases/tag/v1.5.1
- nvd.nist.gov/vuln/detail/CVE-2026-1530