EUVD-2026-36032
GHSA-8g5p-jxp9-457c
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Network vector to vCenter API, but exploitation requires an on-path MITM position, hence AC:H; no agent auth needed (PR:N/UI:N); stolen admin creds yield full C and I impact, no availability effect.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
8DescriptionNVD
A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.
Articles & Coverage 1
AnalysisAI
Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold an active man-in-the-middle position on the TCP path between the assisted-migration-agent and the target vCenter (e.g., layer-2 adjacency for ARP poisoning, control of an upstream router/proxy, or compromise of a transit hop) during a credential-bearing API call from the agent. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals diverge sharply. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained a position on the network path between the assisted-migration-agent and vCenter - for example via ARP spoofing on a flat management VLAN, BGP/route hijack on a transit link, or compromise of an intermediate proxy - terminates the agent's TLS session with a self-signed certificate, which the agent accepts without validation. The agent then sends the configured vCenter administrator username and password over the attacker-controlled channel, after which the attacker replays them directly against the real vCenter to obtain full administrative control. … |
| Remediation | Upstream fix available (PR/commit https://github.com/kubev2v/assisted-migration-agent/pull/268); released patched version not independently confirmed at time of analysis, so consult the Red Hat advisory https://access.redhat.com/security/cve/CVE-2026-53475 for the exact RPM/container build that ships the fix and upgrade to that release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all kubev2v assisted-migration-agent deployments; restrict network access to trusted internal segments only and disable internet-facing connectivity if present. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today