CVE-2026-53475

CRITICAL 9.3

Assisted-migration-agent: tls verification disabled on all vcenter connections

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.

CWE	CWE-295
Published	Jun 10, 2026
Last Updated	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new critical vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-53475 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2487232 github.com: https://github.com/kubev2v/assisted-migration-agent/pull/268