CVE-2026-54099
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-269: Improper Privilege Management
Workarounds
At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
windows-machine-config-operator: windows-machine-config-operator: WICD CSR extra-Organization allows privilege escalation to system:masters
Additional References
- https://access.redhat.com/security/cve/CVE-2026-54099
- https://bugzilla.redhat.com/show_bug.cgi?id=2487950
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54099.json
References
- https://access.redhat.com/security/cve/CVE-2026-54099
- https://bugzilla.redhat.com/show_bug.cgi?id=2487950
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.