CVE-2026-54099
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0th percentile - higher than 0% of all known CVEs
Summary
A flaw in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows the WICD CSR auto-approver to validate that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node with WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate with cluster-administrator privileges.
Risk Assessment
The risk for the organization is a full cluster takeover by an attacker who gains access to a compromised Windows node, potentially leading to unauthorized data access, service disruption, or further escalation within the environment.
Recommendation
Apply the patches provided by Red Hat for WMCO immediately and verify the CSR auto-approval configuration to reject requests with unauthorized organization values. Also restrict access to Windows nodes and monitor CSR activity.
Original NVD description (English source)
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.

