CVE-2026-6389

HIGH 8.8

IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

CWE	CWE-269
Vendor	ibm
Product	turbonomic prometurbo agent
Published	Apr 30, 2026

Stay Ahead of the Next One

Get instant alerts for ibm turbonomic prometurbo agent

Be the first to know when new high vulnerabilities affecting ibm turbonomic prometurbo agent are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

IBM / Turbonomic prometurbo agent

8.16.0 ≤ 8.17.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ibm.com: https://www.ibm.com/support/pages/node/7270720

Credits

This vulnerability was reported to IBM by Lior Yakim.