CVE-2026-53474

kebev2v / migration_assessment

Description

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.

Scoring

CVSS: 9.6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.30% probability of exploitation · percentile 21.3% · 2026-06-19T12:03:05Z
Last modified: 2026-06-16

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-53469
CVE-2026-53471
CVE-2026-53473
CVE-2026-53470
CVE-2025-45472
CVE-2025-46458

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.