VDB
KO
HIGH 8.1

PYSEC-2026-1899

Salt has minion event bus authorization bypass vulnerability

Details

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt
Introduced in: 3006.0 Fixed in: 3006.12
Fix pip install --upgrade 'salt>=3006.12'

References