CVSS 8.8 · HIGH

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 (IBM Turbonomic Application Resource Management) grants excessive cluster-wide permissions, including unrestricted read access to all secrets. An attacker who compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

Analysis

IBM Turbonomic is a major enterprise Application Resource Management platform used to manage Kubernetes environments. This vulnerability allows an attacker who has compromised a service account to achieve full cluster-wide secret access and privilege escalation, which is a critical impact for DevOps teams in enterprise settings.

Severity

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-269, NVD-CWE-noinfo

EPSS

Exploitation probability (next 30 days): 0.0001 (0.0%)
Percentile: 1.4%
EPSS: 2026-05-06

Affects

ibm:turbonomic_prometurbo_agent

Technical description

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 (IBM Turbonomic Application Resource Management) grants excessive cluster-wide permissions, including unrestricted read access to all secrets. An attacker who compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

Published: 30/4/2026, 22:16:26
Last modified: 5/5/2026, 0:17:29
