CVE-2026-40677
Awaiting Analysis
Awaiting Analysis - Queue
Insecure HTTP Transport in AMD Optional Tools Allows MITM Attacks
Vulnerability report for CVE-2026-40677, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-12
Last updated on: 2026-06-12
Assigner: Advanced Micro Devices Inc.
Description
Description
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | management_console | 14.0.0 |
| amd | ryzen_master | 2.14.3 |
| amd | uprofile | 5.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |