PatchSiren cyber security CVE debrief
CVE-2026-45776 ubccr CVE debrief
CVE-2026-45776 is a medium-severity vulnerability in Open XDMoD, a framework for collecting and analyzing HPC metrics. A flaw in its access control logic allows an attacker to bypass intended data access restrictions and view other users' compute job efficiency metrics if the optional Job Performance (SUPReMM) module is installed. The vulnerability was patched in Open XDMoD version 11.0.3.
- Vendor
- ubccr
- Product
- xdmod
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-10
Who should care
Users of Open XDMoD, especially those with the optional Job Performance (SUPReMM) module installed, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
Open XDMoD is vulnerable to an access control logic flaw (CVE-2026-45776) that allows an attacker to bypass data access restrictions and view other users' compute job efficiency metrics if the optional Job Performance (SUPReMM) module is installed. This issue was privately reported on 2026-04-06 and patched in Open XDMoD version 11.0.3 on 2026-05-12.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Open XDMoD version 11.0.3 or later.
- Apply the patch manually as a workaround.
Evidence notes
The vulnerability has a CVSS score of 5.3 and is classified as CWE-284. It was reported privately on 2026-04-06 and patched on 2026-05-12.
Official resources
-
CVE-2026-45776 CVE record
CVE.org
-
CVE-2026-45776 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Patch
CVE-2026-45776 was published on 2026-06-05T20:17:32.513Z and modified on 2026-06-10T21:07:23.310Z.