A flaw was found in Foreman. This broken access control...
Moderate severity
Unreviewed
Published
Jul 1, 2026
to the GitHub Advisory Database
•
Updated Jul 2, 2026
Description
Published by the National Vulnerability Database
Jul 1, 2026
Published to the GitHub Advisory Database
Jul 1, 2026
Last updated
Jul 2, 2026
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
References