CVE-2026-6389

HIGH

IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

Title source: cna

Description

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7270720

Scores

CVSS v3 8.8

EPSS 0.0001

EPSS Percentile 1.1%

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

IBM/Turbonomic prometurbo agent 8.16.0 - 8.17.6

Published Apr 30, 2026

Tracked Since May 01, 2026