This page lists publicly disclosed CVE vulnerabilities affecting chef automate (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-8868 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. | [email protected] | 9.8 | 23.14% | 2025-09-29 | 2026-06-17 |
| CVE-2025-6724 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command. | [email protected] | 8.8 | 0.33% | 2025-09-29 | 2026-06-17 |
| CVE-2023-40050 | Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | [email protected] | 9.9 | 1.18% | 2023-10-31 | 2026-06-17 |