GHSA-v5m8-5455-qw2x · Severity: critical — A flaw was found in migration-planner. An authenticated attacker could exploit an improper access...
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.
Conclusion & alert: CVE-2026-53470 is rated Moderate Risk (45.5/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.28%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.03% | 0.28% | +0.25% |
| 2 | 2026-06-11 | — | 0.03% | — |
Full EPSS history (2 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.6 | 3.1 | CRITICAL |
|
3.1 | 5.8 | [email protected] |
| 8.1 | 3.1 | HIGH |
|
2.8 | 5.2 | [email protected] |
GHSA-v5m8-5455-qw2x · Severity: critical — A flaw was found in migration-planner. An authenticated attacker could exploit an improper access...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| kebev2v | migration_assessment | < 0.13.5 | cpe:2.3:a:kebev2v:migration_assessment:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-53470 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487069 | Issue Tracking Third Party Advisory |
| https://github.com/kubev2v/migration-planner/pull/1218 | Patch |