CVE Catalog

CVE-2026-10843

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.

Risk Assessment

Compromise of the operator credentials could allow an attacker to perform destructive actions on all AWS resources within the account, beyond the managed cluster, leading to broad impact on the cloud environment.

Recommendation

Immediately update the OpenShift Cloud Credential Operator to a patched version and review/restrict IAM policy scope in Mint mode to only cluster-owned resources.

Original NVD description (English source)

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS