Filtered by vendor Stackit
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39910 | 1 Stackit | 1 Iaas Api | 2026-06-09 | 9.8 Critical |
| STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers service-accounts endpoint to attach high-privileged service accounts and query the Instance Metadata Service to retrieve OAuth2 tokens, bypassing tenant boundaries and gaining unauthorized control over the entire organization environment. | ||||
Page 1 of 1.