A vulnerability marked as critical has been reported in Red Hat Satellite 6 on Red. The impacted element is an unknown function of the file /api/hosts/bootc_images of the component Katello Plugin . Performing a manipulation of the argument sort_by results in sql injection. This vulnerability is cataloged as CVE-2026-4324 . It is possible to initiate the attack remotely. There is no exploit available.