Description

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-10 | Updated 2026-06-10 | Assigner redhat




CRITICAL: 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
unaffected

Any version before bcae0438ad8386321a300413d71c982a11b7b5b7
affected

Timeline

2026-06-09: Reported to Red Hat.
2026-06-07: Made public.

References

access.redhat.com/security/cve/CVE-2026-53476 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2487233 (RHBZ#2487233) issue-tracking

github.com/kubev2v/assisted-migration-agent/pull/256

cve.org (CVE-2026-53476)

nvd.nist.gov (CVE-2026-53476)
