An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.
CVE-2026-23782
NONE
EPSS 0.07%
Updated Apr 10, 2026
BMC
CVE Details
CVE ID
CVE-2026-23782
Published Date
Apr 10, 2026
Vendor
BMC
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.07%
Likelihood of exploitation in next 30 days
Percentile:
21.2th percentile (higher than 21.2% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory