CVE-2026-10843
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.
Risk Assessment
Compromise of the operator credentials could allow an attacker to perform destructive actions on all AWS resources within the account, beyond the managed cluster, leading to broad impact on the cloud environment.
Recommendation
Immediately update the OpenShift Cloud Credential Operator to a patched version and review/restrict IAM policy scope in Mint mode to only cluster-owned resources.
Original NVD description (English source)
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.

