CVE-2026-4324 is a vulnerability identified in the Katello plugin of Red Hat Satellite 6, a widely used infrastructure management platform. The flaw is due to improper neutralization of special elements in SQL commands, specifically in the sort_by parameter of the /api/hosts/bootc_images API endpoint. This improper sanitization allows a remote attacker to inject arbitrary SQL commands. The injection can trigger database errors causing Denial of Service (DoS) conditions and enable Boolean-based Blind SQL injection attacks, which allow attackers to infer sensitive information from the backend database by sending crafted queries and analyzing responses. The vulnerability requires network access and privileges to interact with the API but does not require user interaction. The CVSS v3.1 score is 5.4 (medium), reflecting the moderate impact on confidentiality and availability, with no impact on integrity. No known public exploits exist yet, but the potential for data leakage and service disruption is significant for affected environments. Red Hat Satellite 6 is commonly used in enterprise environments for lifecycle management of Red Hat systems, making this vulnerability relevant for organizations relying on this product for patching, provisioning, and configuration management.

The vulnerability can lead to partial disclosure of sensitive information stored in the Red Hat Satellite database through Boolean-based Blind SQL injection, potentially exposing configuration details, host information, or other critical data. Additionally, exploitation can cause database errors that result in Denial of Service (DoS), disrupting infrastructure management operations. This can affect the availability of critical services dependent on Red Hat Satellite for system updates and provisioning. Organizations relying heavily on Red Hat Satellite 6 for managing large fleets of servers may experience operational delays and increased risk of data exposure. The medium severity rating reflects that while the impact is significant, exploitation requires some level of privilege and network access, limiting the scope somewhat. However, the widespread use of Red Hat Satellite in enterprise and government sectors means the overall risk is non-trivial.

1. Apply official patches from Red Hat as soon as they become available to address the SQL injection vulnerability in the Katello plugin. 2. Restrict access to the /api/hosts/bootc_images endpoint by implementing network segmentation and firewall rules to limit API access to trusted administrators and systems only. 3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the sort_by parameter. 4. Implement strict input validation and sanitization on all user-supplied parameters, especially those used in database queries. 5. Monitor logs and database error messages for unusual activity indicative of attempted SQL injection exploitation. 6. Conduct regular security assessments and penetration tests focusing on API endpoints to identify and remediate injection flaws proactively. 7. Educate administrators on the risks of SQL injection and best practices for secure API usage and credential management.