PT-2026-31922 · BMC · BMC Control-M/MFT
Published: 2026-04-10 · Updated: 2026-04-10
CVE-2026-23782
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BMC Control-M/MFT versions 9.0.20 through 9.0.22
Description
An API management endpoint allows unauthenticated users to obtain an API identifier and its corresponding secret value. An attacker could use these exposed secrets to invoke privileged API operations, potentially leading to unauthorized access.
Recommendations
Update to a version later than 9.0.22.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
BMC Control-M/MFT