CVE Catalog

CVE-2026-8668

Low · CVSS 2.3

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers.

Risk Assessment

Organizations running affected versions could have had tenant-specific identifiers disclosed through the internal message queues, potentially leading to privacy breaches and data security issues.

Recommendation

Upgrade to Chef 360 version 1.7.0 or later to eliminate this vulnerability and ensure proper access controls.

Original NVD description (English source)

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS