Red Hat Satellite Katello Plugin SQL Injection Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability in the Katello plugin for Red Hat Satellite allows remote attackers to inject arbitrary SQL commands via the sort_by parameter of the /api/hosts/bootc_images API endpoint. This flaw arises from inadequate input sanitization, potentially leading to database errors that cause a denial-of-service condition. Additionally, it could enable Boolean-based blind SQL injection, allowing attackers to extract sensitive information from the database.

Impact

Exploitation of this vulnerability could cause a denial-of-service condition by triggering database errors. Furthermore, the vulnerability could be exploited to perform Boolean-based blind SQL injection, potentially allowing attackers to extract sensitive information from the database.
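The bug class described above, as an added illustration that is not Katello's or Red Hat's code: a caller-supplied sort value interpolated straight into ORDER BY, beside a hardened version that rebuilds the clause only from allowlisted column names and directions. The table name, column list and helper names are constructed for this example.

```ruby
# Illustrative Ruby (hypothetical, not Katello's implementation) of an unvalidated
# sort parameter reaching ORDER BY, and of the allowlist that closes the hole.

# Columns the endpoint legitimately lets callers sort on (constructed for this example).
SORTABLE_COLUMNS = %w[name created_at updated_at].freeze
DIRECTIONS       = %w[asc desc].freeze

class InvalidSortParam < ArgumentError; end

# Vulnerable pattern: the caller-controlled string is copied into the SQL text,
# so anything after the column name becomes part of the statement.
def vulnerable_order_clause(sort_by)
  "SELECT * FROM images ORDER BY #{sort_by}"
end

# Hardened pattern: parse "column" or "column direction", accept only allowlisted
# identifiers, and rebuild the clause from those trusted literals.
def safe_order_clause(sort_by)
  column, direction = sort_by.to_s.strip.split(/\s+/, 2)
  direction = (direction || "asc").downcase
  unless SORTABLE_COLUMNS.include?(column) && DIRECTIONS.include?(direction)
    raise InvalidSortParam, "unsupported sort_by value"
  end
  # Only allowlisted values reach the SQL; no caller bytes are passed through.
  "SELECT * FROM images ORDER BY #{column} #{direction.upcase}"
end

# Detection hook: a sort value that fails validation is worth logging, since a
# legitimate client only ever sends the documented column/direction pairs.
def sort_param_suspicious?(sort_by)
  safe_order_clause(sort_by)
  false
rescue InvalidSortParam
  true
end
```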

Added: Mar 17, 2026, 2:21 PM
Updated: Mar 17, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.