Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write

CVE	CVE-2026-53476
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-10 15:16:42 UTC
Updated	2026-06-10 19:24:04 UTC
Description	A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.

Primary CVSS: v3.1 9.6 CRITICAL from [email protected]

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types: CWE-59 | CWE-59 Improper Link Resolution Before File Access ('Link Following')

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	9.6	CRITICAL	`CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
3.1	CNA	CVSS	9.6	CRITICAL	`CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

There are no known software configurations currently associated with this CVE in NVD or the CVE Program record.

Reference	Source	Link	Tags
access.redhat.com/security/cve/CVE-2026-53476	[email protected]	access.redhat.com
github.com/kubev2v/assisted-migration-agent/pull/256	[email protected]	github.com
bugzilla.redhat.com/show_bug.cgi	[email protected]	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Source	Time	Event
CNA	2026-06-09T18:35:34.837Z	Reported to Red Hat.
CNA	2026-06-07T00:00:00.000Z	Made public.

There are currently no legacy QID mappings associated with this CVE.