Impact
The flaw lies in the agent‑API middleware's handling of JSON Web Tokens. When agents call the UpdateSourceInventory or UpdateAgentStatus endpoints, the middleware accepts any token that contains a source_id claim, but it does not compare that claim against the source ID supplied in the API request. This flaw permits an attacker who has a legitimate agent token to use that token against another source and forge requests that appear to originate from that source. As a result, the attacker can overwrite inventory data, plant malicious credential URLs, or corrupt migration assessments, erasing tenant isolation and allowing full data tampering across tenants.
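The check whose absence is described above, as an added Go example that is not migration-planner's own code: a middleware that accepts a request only when the token's source_id claim equals the source the request targets. The route shape /sources/{id}/status, the context key and the statusFor helper are assumptions made for illustration, and the token's signature and expiry are assumed to have been verified before the claim is stored.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// claimKey holds the source_id claim of a token verified upstream (assumption).
type claimKey struct{}

// sourceFromPath extracts {id} from the hypothetical route /sources/{id}/status.
func sourceFromPath(p string) string {
	parts := strings.Split(strings.Trim(p, "/"), "/")
	if len(parts) == 3 && parts[0] == "sources" && parts[2] == "status" {
		return parts[1]
	}
	return ""
}

// requireSourceMatch binds the token to the request: a source_id claim must equal the targeted source.
func requireSourceMatch(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claim, _ := r.Context().Value(claimKey{}).(string)
		target := sourceFromPath(r.URL.Path)
		switch {
		case claim == "" || target == "": // fail closed when either identity is absent
			http.Error(w, "missing source identity", http.StatusUnauthorized)
		case claim != target: // valid token, but issued for a different source
			http.Error(w, "token not issued for this source", http.StatusForbidden)
		default:
			next.ServeHTTP(w, r)
		}
	})
}

// statusFor replays a constructed request whose token carries tokenSource and returns the HTTP status.
func statusFor(tokenSource, path string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPut, path, nil)
	req = req.WithContext(context.WithValue(req.Context(), claimKey{}, tokenSource))
	rec := httptest.NewRecorder()
	requireSourceMatch(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample: a token for source-a used on its own source, then on source-b.
	fmt.Println(statusFor("source-a", "/sources/source-a/status"), statusFor("source-a", "/sources/source-b/status"))
}
```

A 403 on the second request is also a useful detection signal: a correctly behaving agent never presents its token against another source's ID.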
Affected Systems
The vulnerability affects the migration‑planner project. All versions of the agent‑API that lack the source_id claim validation are susceptible. The patch is included in the latest release pulled in by PR 1213. No specific vendor version matrix is provided by the CNA; the affected component is the migration‑planner binary and its agent‑API interface.
Risk and Exploitability
The CVSS score of 9.6 classifies the issue as Critical, and although the EPSS score is not published, the nature of the vulnerability indicates a high likelihood of exploitation by an attacker with a valid agent token. It is not listed in the CISA KEV catalog, but the potential to destroy tenant isolation and alter migration data makes it a high‑priority target for remediation. An attacker can exploit the flaw by forging cross‑tenant requests; no special network access is required beyond legitimate agent authentication, making this vector both trivial to set up and highly damaging.