CVE-2026-23782

216.73.216.233

· Published 10/04/2026 15:16 · Modified 10/04/2026 15:16

Labels: CVE-2026-23782 2026-04-10 CVE-2026-23782 [email protected]

Essential information

Published: 10/04/2026 15:16
Modified: 10/04/2026 15:16
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
bmc / control-m	`cpe:2.3:a:bmc:control-m:9.0.20-9.0.22:::::::*`

CVE-2026-23782

Essential information

Description

NVD status

Affected products (CPE)

References