cvedb.io
CVE-2026-6389
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-30T22:16:26.207 · Last modified 2026-06-17T11:00:45.957

Summary

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

Affected products

ibm — turbonomic_prometurbo_agent

Does this affect you?

Add your gear to cvedb and we'll alert you only when ibm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.