PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53473 Red Hat CVE debrief

A cross-site scripting (XSS) vulnerability was discovered in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.

Vendor
Red Hat
Product
migration-planner-ui-app
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-10
Original CVE updated
2026-06-10
Advisory published
2026-06-10
Advisory updated
2026-06-10

Who should care

Organizations running migration-planner-ui-app are affected, particularly where users sign in through Red Hat Single Sign-On (SSO): because the injected script runs in the victim's browser session, a successful attack exposes that SSO session and the tenant data and API actions it authorizes.

Technical summary

The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N. The weakness is categorized as CWE-79.

Defensive priority

HIGH

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the XSS vulnerability.
  • Implement additional security measures, such as input validation and output encoding, to prevent similar attacks.
  • Educate users about the risks of clicking on suspicious links and the importance of keeping their browser and SSO sessions secure.
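The second action above (input validation and output encoding for a user-controlled link) is the one a UI developer has to get right. The following is an added illustrative example, not code from migration-planner-ui-app or from Red Hat, and it assumes two things the advisory does not spell out: that the UI renders each agent's credentialUrl as an anchor href, and that the payload relies on a scripting URL scheme such as javascript: or data:. Under those assumptions the defence is to allow-list the scheme of the parsed URL rather than to search the string for "javascript", and to HTML-encode every value before it is placed in markup. Function and field names other than credentialUrl are hypothetical.

```javascript
// Added defensive example (not the project's own fix): allow-list the URL
// scheme of an untrusted link before rendering it as an href, and HTML-encode
// everything that lands in markup.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized absolute URL if its scheme is on the allow list,
// otherwise null. The WHATWG parser lower-cases the scheme and strips
// leading/trailing whitespace, so "  JaVaScRiPt:..." is still caught.
// Relative URLs are rejected as well, since they would resolve against
// whatever base the page happens to have.
function safeHref(untrusted) {
  if (typeof untrusted !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(untrusted); // throws on relative or malformed input
  } catch {
    return null;
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Minimal HTML escaping for text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the credentials link for one discovery agent record. When the
// credentialUrl fails the scheme check the link is replaced by inert text,
// so the UI never emits a clickable javascript: or data: URL.
function renderAgentLink(agent) {
  const href = safeHref(agent.credentialUrl);
  const label = escapeHtml(agent.name);
  if (href === null) {
    return `<span class="agent-link-blocked">${label} (credential URL rejected)</span>`;
  }
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`;
}

function renderAll(agents) {
  return agents.map(renderAgentLink);
}

// Constructed sample agent records (not data from the advisory). The last
// record shows that the agent name needs encoding just as much as the URL.
const SAMPLE_AGENTS = [
  { name: 'agent-01', credentialUrl: 'https://planner.example.invalid/agents/1/credentials' },
  { name: 'agent-02', credentialUrl: 'javascript:alert(document.cookie)' },
  { name: 'agent-03', credentialUrl: 'data:text/html,<script>alert(1)</script>' },
  { name: 'agent-04', credentialUrl: '  JaVaScRiPt:alert(1)' },
  { name: 'agent-05"><img src=x onerror=alert(1)>', credentialUrl: 'https://planner.example.invalid/x' },
];

console.log(renderAll(SAMPLE_AGENTS).join('\n'));
```

Parsing with `URL` and comparing `protocol` is deliberate: string checks such as `startsWith('javascript:')` miss mixed case, leading whitespace and alternative schemes, while the parser normalizes all of those before the comparison. A Content-Security-Policy that forbids inline script gives a second, independent layer should the encoding step ever be bypassed.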

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4], [ref-5], and [ref-6].

Official resources

CVE-2026-53473 was published on 2026-06-10T15:16:41.820Z and modified on 2026-06-10T19:24:04.320Z.