HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-40677Published Modified CNA AMD

CVE-2026-40677: The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.

Metrics

CVSS v4.0
7.7
Severity
HIGH
Fixed in
2.14.3
Affected Products
3

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a man-in-the-middle (MITM) vulnerability affecting AMD optional tools, specifically AMD Management Console, AMD Ryzen Master, and AMD uProf. The affected software communicates over plain HTTP rather than HTTPS, allowing a network-positioned attacker to intercept and tamper with traffic without any authentication. Successful exploitation enables the attacker to inject and execute arbitrary code on the target system. A patched-image rebuild is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle AMD optional tools.

Available
Triage

HarborGuard scores this finding at CVSS 7.7 HIGH and weights it against each environment's compliance policy to determine urgency. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild targeting fix versions 2.14.3, 5.3, and 14.0.0 (per affected product) is available on HarborGuard for any image found to carry a vulnerable version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against the affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must be positioned on the network path between the affected tool and its update or communication endpoint, reachable over the network due to the use of plain HTTP transport.

  • AuthenticationNot required

    No credentials are needed; the attacker only needs a network-adjacent position to intercept unencrypted HTTP traffic.

  • Victim interactionRequired

    A user on the target system must trigger a network request from the affected tool (for example, launching the application or initiating an update) for the attacker to inject a malicious payload.

  • Attack complexityDetail

    While the exploit itself is straightforward once positioned, the attack requires the presence of specific conditions such as the attacker holding a man-in-the-middle position on the network path (AT:P), meaning the exploit is not condition-free.

Blast Radius

  • An attacker who successfully injects a payload can execute arbitrary code on the target host with the privileges of the running AMD tool process.
  • Confidential data accessible to that process, including system configuration and user session context, is exposed to the attacker.
  • The attacker can modify or overwrite files and data accessible to the affected process, tampering with system state or installing persistent software.
  • The affected tool process and any dependent services can be crashed or rendered unavailable.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-40677 is active across all connected registries and pipelines, with images matched against the affected AMD Management Console, AMD Ryzen Master, and AMD uProf package versions immediately on ingest. For customers who opt into auto-remediation, HarborGuard rebuilds the affected image at the appropriate fix version (2.14.3, 5.3, or 14.0.0 depending on the product in the image), runs a regression test run against the rebuilt image, and opens a pull request against affected workloads. The median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and a prefilled pull request are staged and waiting for reviewer action. Customers without auto-remediation should prioritize upgrading affected AMD tooling to the fix versions and, as a compensating control, apply network policy to restrict outbound HTTP traffic from hosts running these tools until the upgrade is confirmed.

See how HarborGuard automates this

Fix available

2.14.35.314.0.0
Affected packages
  • AMD / AMD Management Console (AMC)
    Fixed in 14.0.0
  • AMD / AMD Ryzen™ Master
    Fixed in 2.14.3
  • AMD / AMD µProf
    Fixed in 5.3
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References