PatchSiren cyber security CVE debrief
CVE-2026-53476 Red Hat CVE debrief
CVE-2026-53476 is a critical path traversal vulnerability in assisted-migration-agent. An unauthenticated attacker on the same LAN can exploit this flaw to bypass security checks and write arbitrary files to the system, potentially leading to unauthorized code execution.
- Vendor: Red Hat
- Product: assisted-migration-agent
- CVSS: CRITICAL 9.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of assisted-migration-agent, particularly those in environments where an attacker might be on the same local area network (LAN).
Technical summary
The vulnerability, with a CVSS score of 9.6, is a path traversal flaw that an unauthenticated attacker on the same LAN can exploit with a specially crafted gzipped tarball. The archive lets the attacker bypass security checks and write arbitrary files to the system, which could lead to the execution of unauthorized code on the appliance.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Restrict access to the affected system to only trusted networks or individuals.
- Monitor network traffic for suspicious activity, especially gzipped tarball uploads.
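To triage a captured gzipped tarball, or to review how your own services unpack archives, the following added example (not Red Hat's or the project's code) lists entries that would land outside an extraction root. The advisory does not describe the specific bypass, so these are the generic tar traversal checks; the root `/srv/extract`, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

DEST = "/srv/extract"  # assumed extraction root, for illustration only

def _inside(root, path):
    return path == root or path.startswith(root.rstrip("/") + "/")

def check_member(m, dest=DEST):
    """Return a reason string if the entry is unsafe, else None."""
    if m.name.startswith("/"):
        return "absolute path"
    target = posixpath.normpath(posixpath.join(dest, m.name))
    if not _inside(dest, target):
        return "escapes extraction root"
    if m.issym() or m.islnk():
        # Symlink targets resolve from the link's directory, hard links from the root.
        base = posixpath.dirname(target) if m.issym() else dest
        link = posixpath.normpath(posixpath.join(base, m.linkname))
        if not _inside(dest, link):
            return "link points outside root"
    elif not (m.isreg() or m.isdir()):
        return "special file type"
    return None

def unsafe_members(data, dest=DEST):
    """List (name, reason) for every unsafe entry in a gzipped tarball."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return [(m.name, r) for m in tar if (r := check_member(m, dest))]

def build_sample():
    """Constructed test archive: one benign entry and three that must be rejected."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("inventory/data.json", "../../etc/cron.d/job", "/etc/passwd"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("inventory/latest")
        link.type, link.linkname = tarfile.SYMTYPE, "../../../etc"
        tar.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"REJECT {name}: {reason}")
```

This is a lexical check on the archive alone; it does not account for symlinks already present on disk, so extraction code should also resolve paths against the real filesystem or use an extractor-side safeguard such as Python's `tarfile` `data` filter.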
Evidence notes
The CVE record was published on 2026-06-10T15:16:42.220Z and last modified on 2026-06-10T19:24:04.320Z. The vendor is listed as Unknown Vendor, but evidence suggests a potential link to Red Hat.
Official resources
CVE-2026-53476 was publicly disclosed on 2026-06-10.