GHSA-x9f6-9rvm-mmrg: vantage6 node has an Improper Access Control issue
Impact
Malicious algorithms can potentially access other algorithms input and output files.
Patches
Todo
Workarounds
Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this.
References
https://docs.vantage6.ai/usage/running-the-node/security
For more information
If you have any questions or comments about this advisory:
- Email us at vantage6@iknl.nl
Details
Original advisory: https://github.com/advisories/GHSA-x9f6-9rvm-mmrg
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-545330.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-54533 | coverage & exploitation status | NVD · CVE.org |
More from GitHub Security Advisories
- criticalGHSA-g936-7jqj-mwv8: TSDProxy: Internal proxy auth token forwarded to backend services enables management API …2026-07-10
- highGHSA-fpg8-7664-jc5q: melange: Incomplete package integrity verification allows data section substitution2026-07-10
- mediumGHSA-48rx-c7pg-q66r: Excon does not redact additional sensitive/risky headers when following redirects2026-07-10
- highGHSA-h4g2-xfmw-q2c9: Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enab…2026-07-10
- mediumGHSA-rqq5-2gf9-4w4q: Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when giv…2026-07-10