CVE-2026-54099

Summary

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-269: Improper Privilege Management

Workarounds

At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

windows-machine-config-operator: windows-machine-config-operator: WICD CSR extra-Organization allows privilege escalation to system:masters

Additional References

References