PYSEC-2026-1899

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2026-1899.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1899
Aliases
Published
2026-07-07T16:02:54.687467Z
Modified
2026-07-07T17:48:09.259513545Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
Summary
Salt has minion event bus authorization bypass vulnerability
Details

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

References

Affected packages

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3006.0
Fixed
3006.12
Introduced
3007.0
Fixed
3007.4

Affected versions

3006.*
3006.0
3006.1
3006.2
3006.3
3006.4
3006.5
3006.6
3006.7
3006.8
3006.9
3006.10
3006.11
3007.*
3007.0
3007.1
3007.2
3007.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2026-1899.yaml"