CVE-2026-8668
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
18/06/2026
Last modified:
22/06/2026
Description
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.



