A vulnerability categorized as critical has been discovered in migration-planner up to 0.13.4 . Affected is an unknown function of the file /api/v1/sources of the component OVA Image Handler . The manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-53470 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.