CVE 9.6 CRITICAL

Migration-planner: getsourcedownloadurl missing organization check_CVE-2026-53470

June 10, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Description

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.

AI Analysis

Improper access control vulnerability in migration-planner allows attackers to obtain presigned S3 URLs for OVA images belonging to other users, potentially leading to unauthorized access and modification of the victim's source.

Basic Information

ID CVE-2026-53470

Source redhat

Published Jun 10, 2026 at 13:55

Affected Product

Vendor Red Hat

Product migration-planner

Affected Versions 0

CWE Classification

CWE-639

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor Red Hat

Product migration-planner

References

{
    "lastseen": "",
    "description": "A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.",
    "published": "2026-06-10T13:55:57.872Z",
    "modified": "2026-06-10T13:55:57.872Z",
    "type": "cve",
    "title": "Migration-planner: getsourcedownloadurl missing organization check",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-53470\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2487069\nhttps://github.com/kubev2v/migration-planner/pull/1218",
    "id": "CVE-2026-53470",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "  0",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "migration-planner",
    "version": "0",
    "vendor": "Red Hat",
    "ai_description": "Improper access control vulnerability in migration-planner allows attackers to obtain presigned S3 URLs for OVA images belonging to other users, potentially leading to unauthorized access and modification of the victim's source.",
    "ai_severity": "Critical",
    "ai_vendor": "Red Hat",
    "ai_product": "migration-planner",
    "ai_version": "0",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply