Vulnerability Details CVE-2026-53473
A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 13.4%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2026-53473
-
cpe:2.3:a:kubev2v:migration_planner_ui:*