CVE 9.6 CRITICAL

Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write_CVE-2026-53476

June 10, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.

AI Analysis

Path traversal vulnerability in assisted-migration-agent allowing arbitrary file write and potential code execution

Basic Information

ID CVE-2026-53476

Source redhat

Published Jun 10, 2026 at 13:55

Affected Product

Vendor Red Hat

Product assisted-migration-agent

Affected Versions 0

CWE Classification

CWE-59

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor Red Hat

Product assisted-migration-agent

References

{
    "lastseen": "",
    "description": "A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.",
    "published": "2026-06-10T13:55:44.144Z",
    "modified": "2026-06-10T13:55:44.144Z",
    "type": "cve",
    "title": "Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-53476\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2487233\nhttps://github.com/kubev2v/assisted-migration-agent/pull/256",
    "id": "CVE-2026-53476",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "  0",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "assisted-migration-agent",
    "version": "0",
    "vendor": "Red Hat",
    "ai_description": "Path traversal vulnerability in assisted-migration-agent allowing arbitrary file write and potential code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Red Hat",
    "ai_product": "assisted-migration-agent",
    "ai_version": "0",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply