CVE Catalog

CVE-2026-53469

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A flaw was found in migration-planner that allows an authenticated user to send a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This enables the destruction of all customer data, including sources, agents, and assessments.

Risk Assessment

This vulnerability leads to a critical loss of availability and integrity across the entire SaaS platform, which can severely impact the organization's operations.

Recommendation

It is recommended to implement proper authorization and filtering mechanisms for DELETE requests on the /api/v1/sources route to prevent unauthorized data deletion.

Original NVD description (English source)

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS