Description
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.
Published: 2026-06-10
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in migration‑planner allows a remote authenticated attacker to upload a specially crafted RVTools .xlsx file. Improper input sanitization causes the spreadsheet’s embedded SQL to be executed when cluster names are processed. This second‑order SQL injection permits arbitrary file reading, exposing Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.

Affected Systems

Any deployed instance of migration‑planner may be vulnerable; specific affected versions are not listed in the advisory.

Risk and Exploitability

The CVSS score of 9.6 indicates a high‑severity risk. Although no EPSS score is available and the vulnerability is not yet listed in KEV, the remote authenticated nature and potential to read sensitive system files make exploitation likely in environments where users can upload RVTools files. An attacker with legitimate credentials could leverage the injection to read arbitrary files, retrieve critical secrets, and elevate privileges or take full control of the environment.

Generated by OpenCVE AI on June 10, 2026 at 15:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade migration‑planner to the latest version that eliminates the upload sanitization flaw
  • Restrict RVTools .xlsx upload capability to a minimal set of privileged accounts
  • Deploy a web application firewall or similar controls to block suspicious SQL payloads in uploaded files

Generated by OpenCVE AI on June 10, 2026 at 15:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Kebev2v
Kebev2v migration Assessment
CPEs cpe:2.3:a:kebev2v:migration_assessment:*:*:*:*:*:*:*:*
Vendors & Products Kebev2v
Kebev2v migration Assessment

Thu, 11 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Kubev2v
Kubev2v migration-planner
Vendors & Products Kubev2v
Kubev2v migration-planner

Thu, 11 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 10 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.
Title Migration-planner: second-order sql injection via rvtools upload
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}

Subscriptions

Kebev2v Migration Assessment
Kubev2v Migration-planner
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-10T16:31:39.245Z

Reserved: 2026-06-09T17:03:29.628Z

Link: CVE-2026-53474

cve-icon Vulnrichment

Updated: 2026-06-10T16:22:50.391Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T15:16:41.943

Modified: 2026-06-16T14:37:13.993

Link: CVE-2026-53474

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-07T00:00:00Z

Links: CVE-2026-53474 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T10:41:53Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')