Description
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.
Published: 2026-06-10
Score: 9.6 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in migration‑planner allows a remote authenticated attacker to upload a specially crafted RVTools .xlsx file. Improper input sanitization causes the spreadsheet’s embedded SQL to be executed when cluster names are processed. This second‑order SQL injection permits arbitrary file reading, exposing Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.

Affected Systems

Any deployed instance of migration‑planner may be vulnerable; specific affected versions are not listed in the advisory.

Risk and Exploitability

The CVSS score of 9.6 indicates a high‑severity risk. Although no EPSS score is available and the vulnerability is not yet listed in KEV, the remote authenticated nature and potential to read sensitive system files make exploitation likely in environments where users can upload RVTools files. An attacker with legitimate credentials could leverage the injection to read arbitrary files, retrieve critical secrets, and elevate privileges or take full control of the environment.

Generated by OpenCVE AI on June 10, 2026 at 15:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade migration‑planner to the latest version that eliminates the upload sanitization flaw
  • Restrict RVTools .xlsx upload capability to a minimal set of privileged accounts
  • Deploy a web application firewall or similar controls to block suspicious SQL payloads in uploaded files

Generated by OpenCVE AI on June 10, 2026 at 15:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.
Title Migration-planner: second-order sql injection via rvtools upload
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-10T16:31:39.245Z

Reserved: 2026-06-09T17:03:29.628Z

Link: CVE-2026-53474

cve-icon Vulnrichment

Updated: 2026-06-10T16:22:50.391Z

cve-icon NVD

Status : Received

Published: 2026-06-10T15:16:41.943

Modified: 2026-06-10T15:16:41.943

Link: CVE-2026-53474

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T16:00:07Z

Weaknesses