CVE-2026-53474

Name: CVE-2026-53474 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-53474

CRITICAL

CVSS v3.1: 9.6

NetworkNo user interactionSQL Injection

Source data as of: 2026-06-11 05:00:12 UTC

At a glance

Severity: CRITICAL
CVSS: 9.6 v3.1 · NVD
EPSS: EPSS not provided by FIRST.org for this CVE
CISA KEV: No
Type: SQL Injection · NVD CWE
Attack conditions (CVSS vector): NetworkNo user interaction · Source: NVD Vector
Published: 2026-06-10 · Modified: 2026-06-10
References: Jump to references (3)

CVSS / EPSS / KEV

CVSS v3.1 9.6 / 10 CRITICAL Source: NVD

EPSS — EPSS not provided by FIRST.org for this CVE Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.

Record details

CVE ID: CVE-2026-53474
CVSS (v3.1): 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Exploitability subscore: 3.1
Impact subscore: 5.8
CISA KEV: No
Weakness (CWE): CWE-89
Affected configurations (CPE): 0
Published: 2026-06-10
Modified: 2026-06-10
Status: Awaiting Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-53474

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year