Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions[].message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's .dockerconfigjson data from status.
This bypasses the Kubernetes/OpenShift RBAC separation between read-only namespace viewers and Secret readers. In the reproduced proof, the same ServiceAccount was denied get and list on Secrets, but recovered synthetic pull-secret username, password, email, and base64 auth fields through InfraEnv.status.
AnalysisAI
Pull-secret credential exposure in Red Hat Advanced Cluster Management (ACM) and Multicluster Engine (MCE) assisted-service leaks the full contents of a referenced pull-secret - including username, password, email, and base64-encoded auth token - into the publicly-readable InfraEnv.status.conditions[].message field when pull-secret validation fails. A low-privileged namespace principal holding the stock Kubernetes view ClusterRole, which is explicitly denied direct get/list on Secret objects, can recover the entire .dockerconfigjson credential payload by reading InfraEnv status. This constitutes a confirmed RBAC bypass (CWE-201) demonstrated via a reproduced proof-of-concept; no active exploitation via CISA KEV has been recorded at time of analysis.
Technical ContextAI
The assisted-service component of Red Hat ACM/MCE manages bare-metal and assisted-installation cluster provisioning on OpenShift. It consumes InfraEnv custom resources that reference Kubernetes Secrets containing Docker/OCI registry pull credentials (.dockerconfigjson). When pull-secret validation fails, assisted-service erroneously serializes the raw Secret contents - including base64-encoded auth fields - into the conditions[].message string within InfraEnv.status. Kubernetes RBAC is designed so that the view ClusterRole grants read access to most namespaced resources but explicitly excludes Secrets; this architecture assumes status subresources of non-Secret CRDs are safe for low-privilege consumers. CWE-201 (Insertion of Sensitive Information Into Sent Data) precisely describes the root cause: the application embeds secret material in an observable, lower-sensitivity data channel, circumventing the access-control boundary. The vulnerability is reachable over the network (AV:N) and requires only low privileges (PR:L), consistent with a namespace-level service account or user.
Affected ProductsAI
Red Hat Advanced Cluster Management (ACM) and Multicluster Engine (MCE) assisted-service components are affected, specifically the assisted-service workload responsible for InfraEnv provisioning on OpenShift clusters. No specific version range or CPE string was provided in the available intelligence data - affected versions should be confirmed via the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-10101 and the associated Bugzilla tracking issue at https://bugzilla.redhat.com/show_bug.cgi?id=2483298. The vulnerability is applicable to any OpenShift deployment running ACM or MCE with the assisted-service operator and InfraEnv resources in use.
RemediationAI
No specific patched version number was confirmed in the available data; administrators should consult the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-10101 and Bugzilla issue https://bugzilla.redhat.com/show_bug.cgi?id=2483298 for patch availability and exact fix versions as Red Hat releases them. As a compensating control, audit all namespace-level principals - including ServiceAccounts - that hold the view ClusterRole or equivalent in namespaces containing InfraEnv resources, and remove or restrict that binding where read access to InfraEnv status is not operationally required; the trade-off is reduced observability for those principals. Additionally, rotate any pull-secrets that may have been exposed via InfraEnv status conditions, particularly for private registries used in cluster provisioning workflows. Where possible, restrict RBAC permissions on InfraEnv status subresources using a custom ClusterRole that explicitly denies or omits status access, pending an upstream fix that removes raw credential content from condition messages.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33342
GHSA-jxxw-7x7w-4x47