Bmc Control-m/managed File Transfer — known CVE vulnerabilities
Every CVE whose affected-product data names Bmc Control-m/managed File Transfer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-23781 — CVSS 9.8 (critical): An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext…
CVE-2026-23780 — CVSS 8.8 (high): An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows…
CVE-2026-23782 — CVSS 7.5 (high): An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both…