CVE-2026-53475
CVE-2026-53475
9.3
CriticalPublished:
Last updated:
Source:secalert@redhat.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.
References
secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2026-53475secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2487232secalert@redhat.com
https://github.com/kubev2v/assisted-migration-agent/pull/268