CVE-2026-6389
Published: 30 April 2026
Summary
CVE-2026-6389 is a high-severity Improper Privilege Management (CWE-269) vulnerability in the IBM Turbonomic Prometurbo agent. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.4th percentile by exploit likelihood (well below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): enforces least privilege so that the prometurbo agent's service account lacks excessive cluster-wide permissions, preventing unauthorized read access to Secrets and the resulting privilege escalation.
- AC-2 (Account Management): manages the service accounts and associated privileges of the operator and agent, restricting them to only the permissions they need and preventing over-privileging.
- Secure configuration settings for the agent's RBAC roles: establishes and enforces a baseline for the agent's Role and ClusterRole definitions, mitigating excessive permissions such as unrestricted Secret access.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerable agent holds excessive cluster-wide permissions, including unrestricted read access to all Kubernetes Secrets. That directly enables credential theft through the Kubernetes API (Unsecured Credentials: Container API, T1552.007) and privilege escalation toward full cluster compromise (Exploitation for Privilege Escalation, T1068).
NVD Description
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.
Deeper analysis
CVE-2026-6389 is a high-severity improper privilege management vulnerability (CWE-269) affecting the prometurbo agent in IBM Turbonomic Application Resource Management, versions 8.16.0 through 8.17.6. The flaw arises from the agent granting excessive cluster-wide permissions, including unrestricted read access to all secrets within a Kubernetes cluster. It has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with a changed scope.
Exploitation requires an existing low-privileged foothold inside the cluster (CVSS AV:L/PR:L), for example a compromised operator pod or possession of its service account token. From that position the attacker inherits the agent's cluster-wide rights, can read every Secret in the cluster, exfiltrate the credentials those Secrets hold, escalate beyond the initial foothold, and potentially take over the whole cluster.
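The condition described above (a service account bound cluster-wide to a role that can read every Secret) and the least-privilege configuration listed under Mitigating Controls can both be checked offline against exported RBAC objects. The following audit is an added example, not code from IBM or the Turbonomic project. Its input objects are constructed Python dicts in the shape that `kubectl get clusterroles,clusterrolebindings,roles,rolebindings -o json` returns; the namespace `turbo`, the service account `prometurbo` and the role names are placeholders, not the product's real object names. It resolves bindings to roles the way the API server does (a RoleBinding only grants rights inside its own namespace, even when it references a ClusterRole) and treats a wildcard resource list in the core API group as Secret access, because that is how an over-broad rule usually hides.

```python
"""RBAC audit: can a service account read Secrets cluster-wide?

Added example, not IBM's or Turbonomic's code. All objects below are
constructed; "turbo", "prometurbo" and the role names are placeholders.
"""

READ_VERBS = {"get", "list", "watch"}


def _names(values, wanted):
    """A PolicyRule list field matches `wanted` if it lists it or is the wildcard."""
    return "*" in values or wanted in values


def rule_grants_secret_read(rule):
    """True if one PolicyRule lets its holder read core-group Secrets.

    Rules narrowed with `resourceNames` are treated as restricted and skipped:
    the finding of interest is *unrestricted* access to every Secret.
    """
    if rule.get("resourceNames"):
        return False
    core_group = _names(rule.get("apiGroups", []), "")
    secrets = _names(rule.get("resources", []), "secrets")
    verbs = set(rule.get("verbs", []))
    readable = "*" in verbs or bool(verbs & READ_VERBS)
    return core_group and secrets and readable


def _binds(binding, namespace, sa_name):
    """True if the binding names the service account directly or through the
    groups every service account implicitly belongs to."""
    implied_groups = {"system:serviceaccounts",
                      f"system:serviceaccounts:{namespace}", "system:authenticated"}
    for s in binding.get("subjects", []):
        if (s.get("kind") == "ServiceAccount" and s.get("name") == sa_name
                and s.get("namespace") == namespace):
            return True
        if s.get("kind") == "Group" and s.get("name") in implied_groups:
            return True
    return False


def secret_read_scope(objects, namespace, sa_name):
    """Return the namespaces in which the service account can read all Secrets.

    "*" in the result means cluster-wide: a ClusterRoleBinding to a role that
    grants Secret reads, which is the condition CVE-2026-6389 describes.
    """
    roles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            roles[(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])] = o
    scope = set()
    for b in objects:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding") or not _binds(b, namespace, sa_name):
            continue
        ref = b["roleRef"]
        # A Role lives in the binding's namespace; a ClusterRole is unnamespaced.
        role_ns = None if ref["kind"] == "ClusterRole" else b["metadata"]["namespace"]
        role = roles.get((ref["kind"], role_ns, ref["name"]))
        if role and any(rule_grants_secret_read(r) for r in role.get("rules", [])):
            scope.add("*" if b["kind"] == "ClusterRoleBinding" else b["metadata"]["namespace"])
    return scope


def _sa(namespace, name):
    return {"kind": "ServiceAccount", "name": name, "namespace": namespace}


# Over-privileged shape: a wildcard resource list in the core group, bound
# cluster-wide. It never spells out "secrets" but grants read on every Secret.
OVERPRIVILEGED = [
    {"kind": "ClusterRole", "metadata": {"name": "prometurbo-reader"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "prometurbo-reader"},
     "subjects": [_sa("turbo", "prometurbo")],
     "roleRef": {"kind": "ClusterRole", "name": "prometurbo-reader"}},
]

# Least-privilege shape: cluster-wide read of the non-secret objects a metrics
# agent plausibly needs, plus a namespaced Role limited to one named Secret.
LEAST_PRIVILEGE = [
    {"kind": "ClusterRole", "metadata": {"name": "prometurbo-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "nodes", "services", "namespaces"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "prometurbo-reader"},
     "subjects": [_sa("turbo", "prometurbo")],
     "roleRef": {"kind": "ClusterRole", "name": "prometurbo-reader"}},
    {"kind": "Role", "metadata": {"name": "prometurbo-creds", "namespace": "turbo"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
                "resourceNames": ["prometurbo-credentials"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "prometurbo-creds", "namespace": "turbo"},
     "subjects": [_sa("turbo", "prometurbo")],
     "roleRef": {"kind": "Role", "name": "prometurbo-creds"}},
]

if __name__ == "__main__":
    for label, objs in (("over-privileged", OVERPRIVILEGED), ("least-privilege", LEAST_PRIVILEGE)):
        found = secret_read_scope(objs, "turbo", "prometurbo")
        print(f"{label}: {sorted(found) if found else 'no unrestricted Secret read'}")
```

Against a live cluster the same question can be asked directly with `kubectl auth can-i get secrets --all-namespaces --as=system:serviceaccount:turbo:prometurbo` (placeholder names again); a `yes` there, or `"*"` from the audit above, is the over-privileged condition that patching or the RBAC changes in IBM's bulletin should remove.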
The official IBM security bulletin at https://www.ibm.com/support/pages/node/7270720 provides details on mitigation, including recommended patches and configuration changes to restrict permissions. Security practitioners should review this advisory for version-specific remediation steps.
Details
- CWE(s)