Skip to main content

EUVDEUVD-2026-34248

| CVE-2026-10840 HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-06-04 secalert@redhat.com GHSA-35w7-q98m-gqgx
7.1
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Red Hat
9.6 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jun 09, 2026 - 09:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 09, 2026 - 09:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 09, 2026 - 09:22 vuln.today
cvss_changed
Severity Changed
Jun 09, 2026 - 09:22 NVD
CRITICAL HIGH
CVSS changed
Jun 09, 2026 - 09:22 NVD
9.6 (CRITICAL) 7.1 (HIGH)
Analysis Generated
Jun 04, 2026 - 12:30 vuln.today

DescriptionCVE.org

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.

AnalysisAI

Privilege escalation via overly permissive RBAC in Red Hat OpenShift Pipelines operator allows any authenticated cluster user to write to Kueue and cert-manager custom resources, enabling disruption of multi-tenant workload scheduling and tampering with cluster TLS certificates. The flaw stems from the tekton-scheduler-rolebinding ClusterRoleBinding granting system:authenticated overly broad write permissions. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the attack requires only basic cluster authentication.

Vendor StatusVendor

Share

EUVD-2026-34248 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy