CVE-2026-6389
HIGH WAF: Low
CVSS 7.8
Published: 2026-04-30
CWE-269
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | turbonomic_prometurbo_agent | 8.16.0 - 8.18.0 |
References
- www.ibm.com (Vendor Advisory)