CVE-2026-8668

UNKNOWN 0.0

Hardcoded credentials in embedded content

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

CWE	CWE-523
Vendor	progress chef
Product	chef360
Published	Jun 18, 2026

Stay Ahead of the Next One

Get instant alerts for progress chef chef360

Be the first to know when new unknown vulnerabilities affecting progress chef chef360 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Progress Chef / Chef360

0 < 1.7.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.chef.io: https://docs.chef.io/release_notes/360/