CRITICAL | CVE-2026-53469 | CNA: redhat

CVE-2026-53469: Migration-planner: unprotected delete endpoint wipes all tenant data

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform.

Metrics

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: 0.13.5
Affected products: 1

HarborGuard Analysis

Synopsis

An improper authorization flaw in migration-planner exposes an unprotected DELETE endpoint at /api/v1/sources. Any authenticated user can send a DELETE request to this route without any authorization or tenant-scoping checks, because the endpoint lacks proper filtering. Successful exploitation wipes all sources, agents, and assessments across the entire platform, causing a critical loss of data integrity and availability. A patched-image rebuild at version 0.13.5 is available on HarborGuard for environments running an affected version.
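The missing check, as an added illustration that is not migration-planner's own code: a pair of Go net/http handlers (the language is an assumption; Store, WithOrg and the org-keyed context are constructed stand-ins for the real database and authentication middleware) showing the unscoped collection delete the advisory describes beside a version that refuses callers without a verified tenant and deletes only that tenant's rows.

```go
package main

import (
	"context"
	"net/http"
)

// Constructed in-memory store for the demo: source ID -> owning tenant (org) ID.
type Store struct{ Sources map[string]string }

// DeleteAll is the unscoped primitive: one call empties every tenant's data.
func (s *Store) DeleteAll() { s.Sources = map[string]string{} }

// DeleteByOrg removes only the rows owned by org.
func (s *Store) DeleteByOrg(org string) {
	for id, owner := range s.Sources {
		if owner == org {
			delete(s.Sources, id)
		}
	}
}

// orgKey carries the tenant established by auth middleware (modelled by WithOrg):
// it comes from the verified identity, never from a client-controlled parameter.
type orgKey struct{}

func WithOrg(r *http.Request, org string) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), orgKey{}, org))
}

// VulnerableDeleteSources mirrors the flaw: authenticated, but neither
// authorized nor tenant-scoped, so one request wipes every tenant.
func VulnerableDeleteSources(s *Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		s.DeleteAll()
		w.WriteHeader(http.StatusNoContent)
	}
}

// HardenedDeleteSources rejects callers with no verified tenant; deletes only theirs.
func HardenedDeleteSources(s *Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		org, ok := r.Context().Value(orgKey{}).(string)
		if !ok || org == "" {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		s.DeleteByOrg(org)
		w.WriteHeader(http.StatusNoContent)
	}
}
```

The hardened handler still removes the caller's entire collection; requiring a per-source ID or an explicit confirmation on bulk deletes would narrow the blast radius further.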

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53469 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including the Red Hat CNA advisory, within minutes of publication and matched against container images in customer registries and CI/CD pipelines, including custom-built images derived from affected migration-planner base images.

Triage: Available

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.1 (Critical) and applies per-environment compliance policy weighting to prioritize routing, sending findings to the appropriate team inbox within each customer organization based on configured severity thresholds and ownership rules.

Patch: Available

A patched-image rebuild at migration-planner version 0.13.5 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the migration-planner API service over the network to send the malicious DELETE request.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient; no elevated or administrative role is needed to trigger the vulnerable endpoint.

  • Victim interaction: Not required

    No victim action is needed; the attacker sends the DELETE request directly without relying on social engineering or user interaction.

  • Attack complexity: Low

    The exploit is reliable and condition-free, requiring no race conditions, specific memory layout, or other environmental factors.

Blast Radius

  • Permanently deletes all sources, agents, and assessments stored in the migration-planner platform, with no scoping to the attacker's own tenant.
  • Destroys migration planning data for every tenant on the shared platform in a single request.
  • Disrupts ongoing migration workflows by removing the assessment and agent records those workflows depend on.
  • Causes irrecoverable data loss if no external backup exists, as the deletion is not filtered or reversible at the application layer.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53469 is active for all scanned environments the moment the advisory is ingested, covering any image that includes an affected version of migration-planner (versions below 0.13.5). For customers with auto-remediation enabled, HarborGuard rebuilds the image at the fixed version 0.13.5, runs a regression test pass, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and a remediation report are queued for reviewer action.

Given the severity of this flaw (no elevated privilege required, single-request full data wipe), customers who cannot immediately rebuild are advised to apply network-policy rules that restrict access to the DELETE method on /api/v1/sources to known, authorized source IPs, and to consider feature-flag or reverse-proxy gating of the DELETE method for that route as a compensating control until the patched image is deployed.

Fix available: 0.13.5

Affected packages
  • unknown: < 0.13.5 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H