Is CVE-2026-6389 actively exploited?

CVE-2026-6389 has no public evidence of in-the-wild exploitation as of 2026-04-30.

What is the CVSS score for CVE-2026-6389?

CVE-2026-6389 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2026-6389?

Patch guidance is available from IBM security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-6389.

Which products are affected by CVE-2026-6389?

1 product: IBM Refer to Description.

Fix CVE-2026-6389 - HIGH IBM Refer to Description

Description

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-269 · Improper Privilege Management

Metadata

Primary Vendor: IBM
Published: 4/30/2026
Last Modified: 4/30/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-6389

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary