This vulnerability arises from an incorrect permission assignment in the OpenShift Pipelines operator's tekton-scheduler-rolebinding ClusterRoleBinding. It grants write access to the system:authenticated group over Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are installed on the cluster, any authenticated user can exploit this to interfere with workload scheduling, tamper with scheduling priorities, delete workloads belonging to other tenants, or induce cert-manager to overwrite TLS Secrets, including critical certificates such as the default ingress controller certificate. The CVSS v3.1 score is 9.6, indicating a critical severity with network attack vector, low attack complexity, low privileges required, no user interaction, and a scope change with high impact on integrity and availability but no confidentiality impact.

Exploitation of this vulnerability allows any authenticated user on the cluster to disrupt workload scheduling, manipulate scheduling priorities, delete workloads of other tenants, and overwrite TLS Secrets managed by cert-manager, including the default ingress controller certificate. This can lead to denial of service and integrity violations within the cluster's workload management and TLS infrastructure. There is no direct confidentiality impact reported.

Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10840 for current remediation guidance. No official fix or temporary workaround is explicitly stated in the provided advisory content. Until a patch is available, consider restricting authenticated user permissions and reviewing role bindings related to tekton-scheduler-rolebinding to limit write access to critical custom resources.