CVE 8.5 HIGH

CVE-2026-6272_CVE-2026-6272

April 24, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Description

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest.

1. Obtain any valid token with only read scope.
2. Connect to the normal production gRPC API (kuksa.val.v2).
3. Open OpenProviderStream.
4. Send ProvideSignalRequest for a target signal ID.
5. Wait for the broker to forward GetProviderValueRequest.
6. Reply with attacker-controlled GetProviderValueResponse.
7. Other clients performing GetValue / GetValues for that signal receive forged data.

AI Analysis

A vulnerability in Eclipse KUKSA - Databroker allows an attacker with a read-only JWT scope to register as a signal provider and send forged data to other clients.

Basic Information

ID CVE-2026-6272

Source eclipse

Published Apr 24, 2026 at 08:28

Affected Product

Vendor Eclipse Foundation

Product Eclipse KUKSA - Databroker

Version 0.5.0

Affected Versions Eclipse Foundation Eclipse KUKSA - Databroker 0.5.0

CWE Classification

CWE-306

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Eclipse Foundation

Product Eclipse KUKSA - Databroker

Version 0.5.0

References

gitlab.eclipse.org /security/cve-assignment/-/issues/98

{
    "lastseen": "",
    "description": "A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest.\n\n1. Obtain any valid token with only read scope.\n2. Connect to the normal production gRPC API (kuksa.val.v2).\n3. Open OpenProviderStream.\n4. Send ProvideSignalRequest for a target signal ID.\n5. Wait for the broker to forward GetProviderValueRequest.\n6. Reply with attacker-controlled GetProviderValueResponse.\n7. Other clients performing GetValue / GetValues for that signal receive forged data.",
    "published": "2026-04-24T08:28:17.690Z",
    "modified": "2026-04-24T08:28:17.690Z",
    "type": "cve",
    "title": "CVE-2026-6272",
    "source": "eclipse",
    "references": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/98",
    "id": "CVE-2026-6272",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Eclipse Foundation Eclipse KUKSA - Databroker 0.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Eclipse KUKSA - Databroker",
    "version": "0.5.0",
    "vendor": "Eclipse Foundation",
    "ai_description": "A vulnerability in Eclipse KUKSA - Databroker allows an attacker with a read-only JWT scope to register as a signal provider and send forged data to other clients.",
    "ai_severity": "High",
    "ai_vendor": "Eclipse Foundation",
    "ai_product": "Eclipse KUKSA - Databroker",
    "ai_version": "0.5.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply