CVE-2026-53474
Last modified
CVE-2026-53474 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kebev2v | Migration Assessment | < 0.13.5 |
References
- https://access.redhat.com/security/cve/CVE-2026-53474Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2487231Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-53474?
How severe is CVE-2026-53474?
How do I fix CVE-2026-53474?
Are you affected by CVE-2026-53474?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST