Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.4%top 72%

CVE-2025-69196: CWE-863: Incorrect Authorization in jlowin fastmcp

0
High
Published: 07/07/2026 (07/07/2026, 19:24:16 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Red Hat has released a Technology Preview container image for the satellite/foreman-mcp-server-rhel9, which is designed for advanced reporting and AI-driven data analysis within Red Hat Satellite. This advisory references multiple CVEs including CVE-2025-69196 and others, but does not provide specific details on vulnerabilities or fixes. No patches or official fixes are currently available, and the advisory primarily announces the availability of this new container image as a preview.

CVSS v4.0

Score 7.4high

Attack Vector
Network
Attack Complexity
High
Attack Requirements
None
Privileges Required
None
User Interaction
Active
Vuln. Confidentiality
High
Vuln. Integrity
High
Vuln. Availability
None
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected software

Affected versions
Red HatRed Hat SatelliteRed Hat Satellite 6.18amd64registry.redhat.io/satellite/foreman-mcp-server-rhel9@sha256:6dccc74936d6698a043e22a9f5ef42da0c4fc4ddb6feb903417ebf5627685138_amd64

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/08/2026, 13:33:21 UTC

Technical Analysis

The Red Hat Satellite product now includes a Technology Preview container image for the MCP server (satellite/foreman-mcp-server-rhel9), intended for local deployment to support advanced reporting and AI-based data analysis. The advisory lists six CVEs (CVE-2025-69196, CVE-2025-69872, CVE-2026-32871, CVE-2026-44431, CVE-2026-44432, CVE-2026-48526) associated with this advisory but does not detail the nature of these vulnerabilities or any remediation. No patches or fixes are provided in the advisory, and the product is not a cloud service, so remediation depends on vendor updates. The advisory is informational about the Technology Preview release rather than a detailed vulnerability disclosure with mitigation.

Potential Impact

The advisory indicates a high severity level but does not specify the exact impact of the listed CVEs. Without detailed vulnerability descriptions or exploit information, the precise impact on confidentiality, integrity, or availability cannot be determined from the provided data. No known exploits in the wild are reported. The presence of multiple CWEs suggests potential issues in memory management, deserialization, race conditions, and authorization, but specifics are not given.

Mitigation Recommendations

No official fixes or patches are currently available for the vulnerabilities referenced in this advisory. Users should monitor Red Hat's official advisories and update Satellite MCP server components when patches are released. Since this is a Technology Preview container image, it is recommended to use it in test environments only and not in production until it is fully supported and patched. Consult the Red Hat Satellite documentation for integration guidance and stay informed via Red Hat Product Security channels.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:36350
Cve Count
6
Additional Cves
["CVE-2025-69872","CVE-2026-32871","CVE-2026-44431","CVE-2026-44432","CVE-2026-48526"]
Cvss Version
null

Threat ID: 6a4e4edac9d9e3dbe328865f

Added to database: 07/08/2026, 13:21:30 UTC

Last enriched: 07/08/2026, 13:33:21 UTC

Last updated: 07/09/2026, 00:16:38 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses