CVE Catalog

CVE-2026-53470

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A flaw was found in migration-planner that allows an authenticated attacker to bypass access control in the `/api/v1/sources/{id}/image-url` endpoint. This flaw enables the attacker to obtain presigned S3 URLs for OVA images belonging to other users.

Risk Assessment

This vulnerability may lead to the download of OVA images containing sensitive information, posing a risk of unauthorized access and modification of the victim's sources.

Recommendation

It is recommended to implement proper access controls on the endpoint to prevent unauthorized access to user resources.

Original NVD description (English source)

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS