CVE-2026-24711

🔶 medium

🔍 Scan for this CVE

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.

CVSS Score

5.3

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-14

First Seen: 2026-05-17

This CVE is Lower Risk - more severe than 19.7% of all 328,009 vulnerabilities in our database.

#263,349

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE IDs (Weakness Types)

CWE-284

📦 Affected Products 3

Vendor	Product	Status	Affected Versions
northern.tech	cfengine	Affected	< 3.21.8
northern.tech	cfengine	Affected	> 3.24.0 < 3.24.3
northern.tech	cfengine	Affected	v3.26.0

Mitigation Vendor Advisory

https://northern.tech

Product

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-24710	🔶 medium	6.1	0.0	Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.	2026-05-14
CVE-2026-24712	⚠️ high	7.3	0.4	Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.	2026-05-14
CVE-2023-45684	⚠️ high	7.5	0.6	Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earl...	2023-11-14
CVE-2023-26560	🔶 medium	6.5	0.3	Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports...	2023-04-26
CVE-2021-44215	🔶 medium	5.5	0.1	Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users ...	2022-03-10
CVE-2021-44216	🔶 medium	5.5	0.1	Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unautho...	2022-03-10

These CVEs affect the same products