[Critical] CVE-2026-39910 – STACKIT IaaS API contains a missing authorization check vulnerability that allow...
Critical CVE-2026-39910 STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit...