CVE-2026-8668
Severity: Low (CVSS 2.3)
Exploitation Probability (EPSS): Low risk, 7th percentile (higher than 7% of all known CVEs)
Summary
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers.
Risk Assessment
Organizations running affected versions could have been exposed to disclosure of sensitive tenant information, potentially leading to privacy breaches and data security issues.
Recommendation
Upgrade to Chef 360 version 1.7.0 or later to eliminate this vulnerability and ensure proper access controls.
Original NVD description (English source)
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

