CVE-2026-54100

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*

History

08 Jul 2026, 15:10

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*
First Time Redhat windows Machine Config Operator
Redhat
Redhat openshift Container Platform
References () https://access.redhat.com/security/cve/CVE-2026-54100 - () https://access.redhat.com/security/cve/CVE-2026-54100 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2487953 - () https://bugzilla.redhat.com/show_bug.cgi?id=2487953 - Issue Tracking, Vendor Advisory
References () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54100.json - () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54100.json - Vendor Advisory

30 Jun 2026, 03:21

Type Values Removed Values Added
References
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54100.json -
References () https://access.redhat.com/security/cve/CVE-2026-54100 - () https://access.redhat.com/security/cve/CVE-2026-54100 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2487953 - () https://bugzilla.redhat.com/show_bug.cgi?id=2487953 -

22 Jun 2026, 14:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-22 14:17

Updated : 2026-07-08 15:10


NVD link : CVE-2026-54100

Mitre link : CVE-2026-54100

CVE.ORG link : CVE-2026-54100


JSON object : View

Products Affected

redhat

  • windows_machine_config_operator
  • openshift_container_platform
CWE
CWE-295

Improper Certificate Validation