CVE-2026-53476

Sažetak

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.

Reference

https://access.redhat.com/security/cve/CVE-2026-53476
https://bugzilla.redhat.com/show_bug.cgi?id=2487233
https://github.com/kubev2v/assisted-migration-agent/pull/256

CVSS

Base:	9.6
Impact:	6.0
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

10-06-2026 - 19:24

Objavljeno

10-06-2026 - 15:16