katello: missing repository authorization in content_uploads exposes cross-product content existence

LLM-synthesized narrative grounded in this CVE's description and references.

• Theforeman/Katellollm-create

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

• github.com/advisories/GHSA-c43c-rf7g-5xpgghsaADVISORY
• access.redhat.com/security/cve/CVE-2026-12515ghsa
• bugzilla.redhat.com/show_bug.cgighsa
• github.com/Katello/katello/pull/11712ghsa
• nvd.nist.gov/vuln/detail/CVE-2026-12515ghsa

No linked articles in our index yet.