Red Hat Migration-Planner CVEs: Token Exposure and Control-Plane Risk
Daily Tech Hack Global — public AI, technology, and cybersecurity news briefing for 2026-06-18.

Critical control-plane CVEs affecting cloud migration, remote support identity, and agent or node trust boundaries.

Central thesis: Control-plane vulnerabilities deserve priority when they can expose tokens, delete operational data, bypass identity checks, or expand node authority.

Question answered: Which newly reported critical CVEs should defenders patch and audit first today?

Chapters:
- 00:00 Who is affected and what to do now
- 00:35 CVE-2026-36537 lead risk
- 01:20 CVE-2026-48114 authorization failure
- 02:00 CVE-2026-48558 identity or support risk
- 02:35 Defensive checklist

Sources and confirmed facts:

1. CVE-2026-36537 critical vulnerability
Publisher/source: NVD keyword identity
URL: https://gist.github.com/KKC73/b9d4efda05693882f1e613c0e0fac78d
Confirmed facts: ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.
Why it matters: The affected component sits close to infrastructure operations and should be prioritized by exposure and privilege.

2. Red Hat migration-planner RVTools SQL injection risk
Publisher/source: NVD keyword identity
URL: https://github.com/NCEAS/metacat/commit/820d595309b399fdbdf4983bd1b1dd795773472a
Confirmed facts: Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity, allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
Why it matters: The affected component sits close to infrastructure operations and should be prioritized by exposure and privilege.

3. SimpleHelp OIDC authentication bypass
Publisher/source: NVD keyword identity
URL: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
Confirmed facts: SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
Why it matters: Potential credential or token exposure raises blast radius beyond the vulnerable service.

4. CVE-2026-55196 critical vulnerability
Publisher/source: NVD critical recent
URL: https://github.com/nesquena/hermes-webui/commit/4d90577e25d5537cb07290eca3fb8abff3bab316
Confirmed facts: Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, the POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control.
Why it matters: The affected component sits close to infrastructure operations and should be prioritized by exposure and privilege.

Analysis is clearly separated from confirmed source facts. No exploit code or attack instructions are included.

#AI #ArtificialIntelligence #Cybersecurity #TechNews #CloudSecurity #Developers #DailyTechHackGlobal
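Added illustration, not code from Metacat or from the briefing: a Python/sqlite3 sketch of the raw quote-wrapping pattern item 2 describes, beside a parameterized insert. Only the table name and the three parameter names come from the summary; the column names, the schema and the sample input are assumptions.

```python
import sqlite3

# Assumed schema: only the table name HARVEST_SITE_SCHEDULE comes from the
# advisory summary; the column names are made up for this illustration.
SCHEMA = """CREATE TABLE HARVEST_SITE_SCHEDULE (
    unit TEXT, contact_email TEXT, document_list_url TEXT)"""


def quote_string(value: str) -> str:
    """Naive quoting as described in the summary: wrap in single quotes, no escaping."""
    return "'" + value + "'"


def build_insert_concat(unit: str, contact_email: str, document_list_url: str) -> str:
    """The unsafe pattern: SQL text assembled from request parameters."""
    return ("INSERT INTO HARVEST_SITE_SCHEDULE (unit, contact_email, document_list_url) VALUES ("
            + quote_string(unit) + ", " + quote_string(contact_email) + ", "
            + quote_string(document_list_url) + ")")


def insert_concat(conn: sqlite3.Connection, unit: str, contact_email: str,
                  document_list_url: str) -> bool:
    """Runs the concatenated statement; False means the assembled SQL was not valid."""
    try:
        conn.execute(build_insert_concat(unit, contact_email, document_list_url))
        return True
    except sqlite3.OperationalError:
        return False


def insert_parameterized(conn: sqlite3.Connection, unit: str, contact_email: str,
                         document_list_url: str) -> None:
    """The hardened form: values are bound, so quotes in input never reach the parser."""
    conn.execute(
        "INSERT INTO HARVEST_SITE_SCHEDULE (unit, contact_email, document_list_url) "
        "VALUES (?, ?, ?)",
        (unit, contact_email, document_list_url))


def stored_emails(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT contact_email FROM HARVEST_SITE_SCHEDULE")]


def demo() -> tuple:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed sample input: a legitimate address that happens to contain an apostrophe.
    email = "o'brien@example.org"
    unsafe_ok = insert_concat(conn, "unit-1", email, "https://example.org/list.xml")
    insert_parameterized(conn, "unit-1", email, "https://example.org/list.xml")
    return unsafe_ok, stored_emails(conn)
```

Even a benign apostrophe breaks the concatenated statement, which is the same missing escaping that lets a request parameter change the statement's meaning; binding the values stores the address exactly as supplied.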
Video "Red Hat Migration-Planner CVEs: Token Exposure and Control-Plane Risk" from the channel dailytechhackglobal
Video information: uploaded yesterday at 17:04:52; duration 00:03:45