CVE-2026-8668

Vulnerability Description

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-523

Source

NVD

External References

https://docs.chef.io/release_notes/360/

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment