CVE-2026-53476
9.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < bcae0438ad8386321a300413d71c982a11b7b5b7 | affected |
Weaknesses
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/security/cve/CVE-2026-53476
- https://bugzilla.redhat.com/show_bug.cgi?id=2487233
- https://github.com/kubev2v/assisted-migration-agent/pull/256
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.