{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53471/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T16:02:20.123Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53471","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53471","description":"A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an authenticated attacker with a valid agent token to manipulate data across different tenants, leading to a complete collapse of tenant isolation. This could result in unauthorized overwriting of victim invent…"},"products":[{"@id":"https://database.harborguard.co/cve/CVE-2026-53471#product"}],"status":"affected","action_statement":"Update to a fixed version: 0.13.5.","timestamp":"2026-06-10T16:02:20.123Z"}]}