CVE-2026-4740
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-295: Improper Certificate Validation
Workarounds
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
rhacm: Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation
Additional References
- https://access.redhat.com/security/cve/CVE-2026-4740
- https://bugzilla.redhat.com/show_bug.cgi?id=2450590
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4740.json
References
- https://access.redhat.com/security/cve/CVE-2026-4740
- https://blog.arfevrier.fr/open-cluster-management-cross-cluster-escape/
- https://bugzilla.redhat.com/show_bug.cgi?id=2450590
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.