Lucene search
K
Kebev2vMigration Assessment

4 matches found

CVE
CVE
added 2026/06/10 1:55 p.m.27 views

CVE-2026-53469

Migration-planner is affected. An authenticated user can issue a DELETE to /api/v1/sources that is not properly authorized/filtered, permitting destruction of all tenant data (sources, agents, assessments) and causing critical loss of availability and integrity across the SaaS platform. Affected ...

9.1CVSS5.5AI score0.00288EPSS
CVE
CVE
added 2026/06/10 1:55 p.m.26 views

CVE-2026-53474

Migration-planner is affected by a second-order SQL injection via uploads of RVTools .xlsx files. The flaw arises from improper input sanitization and causes malicious SQL embedded in a spreadsheet cell to execute when cluster names are processed, enabling arbitrary file reading on the host (pote...

9.6CVSS5.9AI score0.00298EPSS
CVE
CVE
added 2026/06/10 1:55 p.m.23 views

CVE-2026-53470

CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...

9.6CVSS5.5AI score0.0028EPSS
Web
CVE
CVE
added 2026/06/10 1:55 p.m.21 views

CVE-2026-53471

CVE-2026-53471 affects the migration-planner project, specifically the agent-api middleware. The UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim in JWTs against the requested source ID. Root cause: missing validation allows an authenticated attacker with ...

9.6CVSS5.5AI score0.00286EPSS