CVE-2026-54099: Improper Privilege Management in Red Hat Red Hat OpenShift Container Platform 4
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
AI Analysis
Technical Summary
The vulnerability exists because the WMCO's WICD CSR auto-approver only verifies that the CSR contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. An attacker controlling a Windows worker node with WICD credentials can exploit this by submitting a specially crafted CSR that the cluster auto-approves and signs. The resulting client certificate grants cluster-admin privileges, allowing the attacker to fully compromise the OpenShift cluster.
Potential Impact
Successful exploitation leads to full cluster takeover with cluster-administrator privileges. This compromises confidentiality, integrity, and availability of the entire OpenShift Container Platform cluster, potentially allowing an attacker to control all workloads and cluster resources.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-54099 for current remediation guidance. Until an official fix is available, restrict access to Windows worker nodes and WICD credentials to trusted personnel only to reduce risk.
CVE-2026-54099: Improper Privilege Management in Red Hat Red Hat OpenShift Container Platform 4
Description
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
CVSS v3.1
Score 8.8high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability exists because the WMCO's WICD CSR auto-approver only verifies that the CSR contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. An attacker controlling a Windows worker node with WICD credentials can exploit this by submitting a specially crafted CSR that the cluster auto-approves and signs. The resulting client certificate grants cluster-admin privileges, allowing the attacker to fully compromise the OpenShift cluster.
Potential Impact
Successful exploitation leads to full cluster takeover with cluster-administrator privileges. This compromises confidentiality, integrity, and availability of the entire OpenShift Container Platform cluster, potentially allowing an attacker to control all workloads and cluster resources.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-54099 for current remediation guidance. Until an official fix is available, restrict access to Windows worker nodes and WICD credentials to trusted personnel only to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-11T19:02:42.736Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-54099","vendor":"Red Hat"}]
Threat ID: 6a393e8aeed863c81ee5cd69
Added to database: 06/22/2026, 13:54:18 UTC
Last enriched: 06/22/2026, 14:09:45 UTC
Last updated: 06/22/2026, 21:57:07 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.