CVE-2026-6272

216.73.217.22

· Published 24/04/2026 09:16 · Modified 24/04/2026 14:39

Labels: CVE-2026-6272 2026-04-24 CVE-2026-6272 CWE-306 [email protected]

Essential information

Published: 24/04/2026 09:16
Modified: 24/04/2026 14:39
Author: —
Creator: —
CVSS: 8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API (kuksa.val.v2). 3. Open OpenProviderStream. 4. Send ProvideSignalRequest for a target signal ID. 5. Wait for the broker to forward GetProviderValueRequest. 6. Reply with attacker-controlled GetProviderValueResponse. 7. Other clients performing GetValue / GetValues for that signal receive forged data.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
eclipse / kuksa	`cpe:2.3:a:eclipse:kuksa::::::::`