PT-2026-50804 · Progress Chef · Chef360

Published

2026-06-18

·

Updated

2026-06-18

·

CVE-2026-8668

CVSS v4.0

2.3

Low

VectorAV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:H/SI:N/SA:L/E:P/S:N/AU:Y/RE:L
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues.  Queue messages contained tenant-specific identifiers.  The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-523

Related Identifiers

CVE-2026-8668

Affected Products

Chef360