CVE-2026-39910P2CRITICALCVSS 9.8fixed in 2026-05-282026-06-08
CVE-2026-39910 [CRITICAL] CWE-862 CVE-2026-39910: STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers service-accounts endpoint to attach high-privile
nvd