CVE Catalog

CVE-2026-54099

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

0th percentile - higher than 0% of all known CVEs

Summary

A flaw in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows the WICD CSR auto-approver to validate that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node with WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate with cluster-administrator privileges.

Risk Assessment

The risk for the organization is a full cluster takeover by an attacker who gains access to a compromised Windows node, potentially leading to unauthorized data access, service disruption, or further escalation within the environment.

Recommendation

Apply the patches provided by Red Hat for WMCO immediately and verify the CSR auto-approval configuration to reject requests with unauthorized organization values. Also restrict access to Windows nodes and monitor CSR activity.

Original NVD description (English source)

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS