PatchSiren cyber security CVE debrief
CVE-2026-53475 Red Hat CVE debrief
CVE-2026-53475 is a critical vulnerability in assisted-migration-agent, with a CVSS score of 9.3. The application hardcodes insecure TLS connections when communicating with vCenter, allowing a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.
- Vendor: Red Hat
- Product: assisted-migration-agent
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Administrators and users of assisted-migration-agent and vCenter should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates to assisted-migration-agent to fix the hardcoded insecure TLS connections.
- Use secure TLS connections when communicating with vCenter.
- Monitor for suspicious activity and implement additional security measures to prevent unauthorized access.
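What "use secure TLS connections" means in practice, as an added Go example that is not the agent's own code: the advisory does not show the flawed code, so `InsecureSkipVerify: true` is assumed here as the usual way certificate verification gets switched off, and a constructed local `httptest` server stands in for the vCenter endpoint. The skip-verify client completes a handshake with a certificate it has no reason to trust, while a client bound to a CA pool refuses it and only connects when the certificate chains to that pool.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient builds an HTTPS client. skipVerify=true models verification being
// switched off in code (assumed pattern); otherwise only roots are trusted.
func newClient(roots *x509.CertPool, skipVerify bool) *http.Client {
	cfg := &tls.Config{RootCAs: roots, InsecureSkipVerify: skipVerify, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// probe returns nil only if the TLS handshake and the request both succeed.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// isUntrusted reports whether err is a certificate chain-of-trust failure.
func isUntrusted(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// demo runs three clients against one constructed local TLS endpoint.
func demo() (skipErr, strangerErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	pinned := x509.NewCertPool()
	pinned.AddCert(srv.Certificate()) // stands in for the real vCenter CA bundle
	skipErr = probe(newClient(nil, true), srv.URL)                     // accepts any certificate
	strangerErr = probe(newClient(x509.NewCertPool(), false), srv.URL) // certificate not in trust store
	pinnedErr = probe(newClient(pinned, false), srv.URL)               // certificate chains to trusted pool
	return
}

func main() {
	s, u, p := demo()
	fmt.Println("skip-verify:", s, "| untrusted rejected:", isUntrusted(u), "| trusted:", p)
}
```

The same three-way check is a useful regression test after patching: a build that still connects when the trust pool does not contain the endpoint's certificate has not fixed the issue.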
Evidence notes
The vendor is listed as Unknown Vendor, but evidence suggests a connection to Red Hat.
Official resources
CVE-2026-53475 was published on 2026-06-10T15:16:42.090Z and modified on 2026-06-10T19:24:04.320Z.