High severity · 8.1 · NVD Advisory · Published Feb 2, 2026 · Updated Apr 15, 2026
CVE-2026-1530
Description
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fog-kubevirt (RubyGems) | < 1.5.1 | 1.5.1 |
Affected products (1)
Patches (2)
2 files changed · +4 −1
CHANGELOG.md+3 −0 modified@@ -1,3 +1,6 @@ +### 1.5.1 / 2026-01-28 +* CVE-2026-1530 - Don't override @opts in create_client_from_token ([#168](https://github.com/fog/fog-kubevirt/pull/168)) + ### 1.5.0 / 2026-01-16 * Fix Compute.valid? suppressing the original error ([#162](https://github.com/fog/fog-kubevirt/pull/162))
lib/fog/kubevirt/version.rb+1 −1 modified@@ -1,5 +1,5 @@ module Fog module Kubevirt - VERSION = '1.5.0' + VERSION = '1.5.1' end end
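Review bot: The 1.5.1 entry in CHANGELOG.md names the CVE and the code change but not the user-facing effect, so a reader cannot tell from the changelog alone that this is a TLS verification fix. Suggest extending the entry to say that clients created through `create_client_from_token` previously had `:verify_ssl` forced to `OpenSSL::SSL::VERIFY_NONE`, so operators can judge upgrade urgency without opening #168.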
9603d79a239a Don't override `@opts` in `create_client_from_token`
1 file changed · +0 −10
lib/fog/kubevirt/compute/compute.rb+0 −10 modified@@ -346,16 +346,6 @@ def create_client(path) end def create_client_from_token(url) - # Prepare the TLS and authentication options that will be used for the standard Kubernetes API - # and also for the KubeVirt extension: - @opts = { - :ssl_options => { - :verify_ssl => OpenSSL::SSL::VERIFY_NONE, - }, - :auth_options => { - :bearer_token => @kubevirt_token - } - } version = detect_version(url.to_s, @opts[:ssl_options]) key = url.path + '/' + version
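Review bot: With the assignment removed, `detect_version(url.to_s, @opts[:ssl_options])` in `create_client_from_token` depends on `@opts` having been populated before this method runs, and nothing in the hunk guarantees that. If `@opts` is nil the call raises NoMethodError, and if it is set but lacks `:auth_options`, the `@kubevirt_token` bearer token that used to be set here is no longer supplied. Suggest documenting or asserting where `@opts` is initialized, and adding a test that a client built from a token keeps the caller's `:verify_ssl` value and the bearer token; the commit is +0 −10 with no test change.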
References (12)
- github.com/advisories/GHSA-m3hq-3qj8-c5fm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-1530 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2026:5970 (nvd, WEB)
- access.redhat.com/errata/RHSA-2026:5971 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2026-1530 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md (ghsa, WEB)
- github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450 (ghsa, WEB)
- github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753 (ghsa, WEB)
- github.com/fog/fog-kubevirt/pull/168 (ghsa, WEB)
- github.com/fog/fog-kubevirt/releases/tag/v1.5.1 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml (ghsa, WEB)