CVE-2026-12515

Name of the Vulnerable Software and Affected Versions Katello of Red Hat Satellite (affected versions not specified)

Description Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to query content information for repositories they are not authorized to manage. This allows an attacker to determine if specific content exists within otherwise inaccessible repositories, although it does not permit unauthorized modification, import, or publication of content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.