Description
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Published: 2026-05-14
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a case of incorrect access control in Northern.tech CFEngine Enterprise, allowing an attacker to gain unauthorized access to privileged operations or sensitive data. It falls under the category of improper access control weaknesses. The attack can lead to data compromise, system modification, or disruption of services depending on permissions granted by the compromised account.

Affected Systems

The affected products are Northern.tech CFEngine Enterprise releases prior to version 3.21.8, 3.24.3 and 3.27.0. Systems running these older CFEngine versions are susceptible to the flaw.

Risk and Exploitability

The CVSS score is not provided in the available data, and the EPSS score is not available, so the exact exploitation probability is unknown. It is not listed in the CISA KEV catalog. Based on the nature of the flaw, the likely attack vector could be remote or local, depending on network exposure and authentication mechanisms. The weakness permits unauthorized access to functionalities that should be restricted, allowing an attacker to potentially read, modify, or delete configuration data or execute privileged commands.

Generated by OpenCVE AI on May 14, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any security update or patch released by Northern.tech for CFEngine Enterprise, specifically versions 3.21.8, 3.24.3, or 3.27.0 or later.
  • If a patch is not yet available, disable or limit network exposure for the CFEngine service and enforce strict firewall rules and access controls.
  • Verify configuration files and deployment settings to ensure that access control policies align with least‑privilege principles.

Advisories

No advisories yet.

History

Thu, 14 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
Title | | Incorrect Access Control in CFEngine Enterprise
Weaknesses | | CWE-284

Thu, 14 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T13:47:09.553Z

Reserved: 2026-01-24T00:00:00.000Z

Link: CVE-2026-24711

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-14T15:16:44.860

Modified: 2026-05-14T17:06:08.693

Link: CVE-2026-24711

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T15:30:16Z

Weaknesses