Vulnerability Details CVE-2026-53469
A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 24.7%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2026-53469
-
cpe:2.3:a:kebev2v:migration_assessment:*