Progress Chef Chef360 vulnerabilities
2 known vulnerabilities affecting progress_chef/chef360.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1LOW1
Vulnerabilities
Page 1 of 1
CVE-2026-8100P2HIGHCVSS 8.6fixed in 1.7.12026-06-18
CVE-2026-8100 [HIGH] CWE-23 CVE-2026-8100: Impact A security issue has been identified in Chef 360 that could allow unauthorized access to pro
Impact
A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass standard access controls gaining additional privileges, potentia
nvd
CVE-2026-8668P4LOWCVSS 2.3fixed in 1.7.12026-06-18
CVE-2026-8668 [LOW] CWE-523 CVE-2026-8668: A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to interna
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.
nvd