Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionNVD
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub.
The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.
The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected. This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.
Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.
AnalysisAI
Authenticated users with minimal namespace-scoped privileges can obtain administrative credentials for arbitrary OpenShift clusters provisioned through the MCE hub via the assisted-service REST API. The vulnerability exists in AUTH_TYPE=local mode (the only mode available in on-premises deployments), where the local authenticator grants full administrative access to any request bearing a valid JWT with no per-endpoint restrictions. A valid JWT is embedded as plaintext in the InfraEnvStatus.ISODownloadURL, readable by any user with get rights on an InfraEnv object, enabling extraction of kubeadmin passwords and kubeconfigs for all spoke clusters.
Technical ContextAI
The assisted-service component provides REST API endpoints for cluster provisioning and credential management. The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials) and kubeconfig download endpoint are protected by a local authenticator in on-premises ACM/MCE deployments. This authenticator derives from CWE-312 (Cleartext Storage of Sensitive Information) because valid JWTs are stored as plaintext query parameters in the ISODownloadURL field of InfraEnvStatus objects. The vulnerability stems from a broken authorization model where the local authenticator does not implement per-endpoint access controls or role-based restrictions. In AUTH_TYPE=local mode, any valid JWT grants unconditional access to these credential endpoints regardless of the user's actual role or entitlements. The InfraEnv object is namespace-scoped, meaning an attacker with get permissions in their own namespace can read the URL and extract the embedded JWT, then use it to access credentials for any cluster managed by the hub.
RemediationAI
Upgrade to a patched version of MCE that implements per-endpoint authorization restrictions in the assisted-service local authenticator. Red Hat must provide a specific patch version number; check https://access.redhat.com/security/cve/CVE-2026-7163 for the exact remediation version. As immediate compensating controls: (1) Restrict read access to InfraEnv objects in the cluster namespace to only users who absolutely require it (e.g., cluster provisioning operators), removing access from general developers or testers. (2) Disable the assisted-service component entirely if cluster provisioning is not actively in use, then re-enable only during provisioning windows. (3) Implement namespace isolation and RBAC policies to prevent users from viewing InfraEnv metadata in shared namespaces. (4) Migrate to a different authentication mode (e.g., OAuth2 or OIDC) if supported by your MCE deployment, or upgrade to a version that uses per-endpoint authorization in local mode. (5) Audit logs to identify users who have accessed InfraEnv objects and obtained JWTs; assume spoke cluster credentials are compromised for any such users. Note that these controls mitigate access to the JWT but do not block exploitation once a JWT is obtained; the patch is necessary for complete remediation.
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26374