VYPR
Critical severity9.8OSV Advisory· Published Jun 10, 2016· Updated Jun 17, 2026

CVE-2016-2786

CVE-2016-2786

Description

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • 0.1.0, 0.1.3, 0.2.0, …+ 6 more
    • (no CPE)range: 0.1.0, 0.1.3, 0.2.0, …
    • cpe:2.3:a:puppet:puppet_agent:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_agent:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_agent:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_agent:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_agent:1.3.5:*:*:*:*:*:*:*
    • (no CPE)range: >= 1.3, < 1.3.6
  • cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*
    • (no CPE)range: >= 2015.3, < 2015.3.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.