
CVE-2026-0980: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Satellite 6.16 for RHEL 8

Severity: High
Type: Vulnerability
Published: Fri Feb 27 2026 (02/27/2026, 07:30:42 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Satellite 6.16 for RHEL 8

Description

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/27/2026, 18:28:06 UTC

Technical Analysis

CVE-2026-0980 is an OS command injection vulnerability in the rubyipmi gem, a component of the Baseboard Management Controller (BMC) functionality in Red Hat Satellite 6.16 running on RHEL 8. The vulnerability arises from improper neutralization of special elements in user-supplied input, specifically a crafted username for the BMC interface. An authenticated attacker with permission to create or update hosts in Red Hat Satellite can exploit the flaw by injecting commands through the username field. The injection leads to remote code execution (RCE) on the underlying system, allowing the attacker to execute arbitrary commands with the privileges of the Red Hat Satellite service. Exploitation requires no user interaction beyond the attacker's own authentication and is reached through the BMC interface's use of the rubyipmi gem. The CVSS v3.1 base score of 8.3 reflects the high impact on confidentiality and integrity, with low attack complexity and no user interaction required. Although no exploits have been reported in the wild yet, the potential for significant system compromise is high. The vulnerability affects Red Hat Satellite 6.16 installations on RHEL 8, a widely used platform for managing and provisioning large-scale enterprise infrastructure. The flaw underscores how critical input validation is in management interfaces that interact with hardware controllers such as BMCs.

Potential Impact

The exploitation of CVE-2026-0980 can lead to remote code execution on systems running Red Hat Satellite 6.16 for RHEL 8, resulting in full compromise of system confidentiality and integrity, and partial impact on availability. Attackers gaining RCE can manipulate or exfiltrate sensitive configuration data, deploy malware, disrupt infrastructure management, or pivot to other internal systems. Since Red Hat Satellite is used for provisioning and managing large numbers of servers, a successful attack could cascade, affecting multiple systems and services within an organization. The requirement for authenticated access with host creation or update permissions limits the attack surface but does not eliminate risk, especially in environments with many administrators or automated processes. The impact is particularly severe for organizations relying on Red Hat Satellite for critical infrastructure management, including cloud providers, financial institutions, government agencies, and large enterprises. The absence of known exploits in the wild provides a window for remediation, but the high severity score demands urgent attention.

Mitigation Recommendations

Organizations should immediately review and restrict host creation and update permissions within Red Hat Satellite to trusted administrators only, minimizing the number of users who can exploit this vulnerability. Applying the official security patch from Red Hat as soon as it becomes available is the most effective mitigation. Until patches are applied, consider implementing network segmentation and firewall rules to limit access to the Red Hat Satellite management interfaces, especially the BMC components. Audit and monitor logs for unusual activity related to host creation or updates, and deploy intrusion detection systems tuned to detect command injection patterns. Employ strict input validation and sanitization on any custom scripts or automation interacting with the BMC interface. Additionally, conduct a thorough review of user accounts with elevated permissions and enforce multi-factor authentication to reduce the risk of credential compromise. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential exploitation.
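The input-validation and audit recommendations above, sketched for custom automation that calls an IPMI command-line tool. This is an added example, not code from rubyipmi or Red Hat Satellite; the helper names, the username allow-list, and the inventory record layout are assumptions made for illustration.

```ruby
require "open3"
require "rbconfig"

# Assumption: local allow-list policy. IPMI 2.0 caps user names at 16 bytes.
# \A and \z anchor the whole string; ^ and $ would only anchor a line.
BMC_USERNAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,15}\z/

def valid_bmc_username?(name)
  name.is_a?(String) && name.match?(BMC_USERNAME)
end

# Build an argument vector instead of a command string. With the array form
# no shell parses the values, so the username stays a single argv element.
# `tool` is a parameter so the example runs without ipmitool installed.
def bmc_status_argv(host, username, password_file, tool: ["ipmitool"])
  raise ArgumentError, "rejected BMC username: #{username.inspect}" unless valid_bmc_username?(username)
  tool + ["-I", "lanplus", "-H", host, "-U", username, "-f", password_file,
          "chassis", "power", "status"]
end

# Run the argv without a shell and return [output, success?].
def run_argv(argv)
  out, status = Open3.capture2e(*argv)
  [out, status.success?]
end

# Audit: return BMC interfaces whose stored username fails the allow-list.
# The record layout is constructed for this example, not Satellite's schema.
def suspicious_bmc_interfaces(hosts)
  hosts.flat_map do |h|
    h.fetch(:interfaces, [])
     .select { |i| i[:type] == "bmc" && !valid_bmc_username?(i[:username]) }
     .map { |i| { host: h[:name], username: i[:username] } }
  end
end

# Constructed sample inventory.
SAMPLE_HOSTS = [
  { name: "web01.example.test", interfaces: [{ type: "bmc", username: "ipmi-admin" }] },
  { name: "db01.example.test",  interfaces: [{ type: "bmc", username: "admin; echo x" }] },
  { name: "app01.example.test", interfaces: [{ type: "interface", username: nil }] },
]

if __FILE__ == $PROGRAM_NAME
  suspicious_bmc_interfaces(SAMPLE_HOSTS).each { |f| puts "#{f[:host]}: #{f[:username].inspect}" }
  # Stand-in for ipmitool: a Ruby one-liner that prints how many args it got.
  echo = [RbConfig.ruby, "-e", "print ARGV.length", "--"]
  p run_argv(bmc_status_argv("10.0.0.5", "ipmi-admin", "/etc/bmc.pass", tool: echo))
end
```

The allow-list and the shell-free argument vector are independent controls: the first rejects unexpected usernames at the boundary, the second keeps any value that does get through from being parsed as shell syntax.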


Technical Details

Data Version: 5.2
Assigner Short Name: redhat
Date Reserved: 2026-01-15T08:53:56.962Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69a14e1a32ffcdb8a203afe0

Added to database: 2/27/2026, 7:56:10 AM

Last enriched: 3/27/2026, 6:28:06 PM

Last updated: 4/12/2026, 5:12:59 PM
