A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
References
| Link | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-54099 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487950 | Issue Tracking Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2026-54099 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487950 | Issue Tracking Vendor Advisory |
| https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54099.json | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Jul 2026, 15:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://access.redhat.com/security/cve/CVE-2026-54099 - Vendor Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2487950 - Issue Tracking, Vendor Advisory | |
| References | () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54099.json - Vendor Advisory | |
| First Time |
Redhat windows Machine Config Operator
Redhat Redhat openshift Container Platform |
|
| CPE | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:* |
30 Jun 2026, 03:20
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| References | () https://access.redhat.com/security/cve/CVE-2026-54099 - | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2487950 - |
22 Jun 2026, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-22 14:17
Updated : 2026-07-08 15:10
NVD link : CVE-2026-54099
Mitre link : CVE-2026-54099
CVE.ORG link : CVE-2026-54099
JSON object : View
Products Affected
redhat
- windows_machine_config_operator
- openshift_container_platform
CWE
CWE-269
Improper Privilege Management
