Skip to main content

Multicluster Engine For Kubernetes

2 CVEs product

Monthly

CVE-2026-7163 MEDIUM PATCH This Month

Authenticated users with minimal namespace-scoped privileges can obtain administrative credentials for arbitrary OpenShift clusters provisioned through the MCE hub via the assisted-service REST API. The vulnerability exists in AUTH_TYPE=local mode (the only mode available in on-premises deployments), where the local authenticator grants full administrative access to any request bearing a valid JWT with no per-endpoint restrictions. A valid JWT is embedded as plaintext in the InfraEnvStatus.ISODownloadURL, readable by any user with get rights on an InfraEnv object, enabling extraction of kubeadmin passwords and kubeconfigs for all spoke clusters.

Information Disclosure Red Hat Multicluster Engine For Kubernetes
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4740 Go HIGH PATCH GHSA This Week

Improper certificate validation in Red Hat's Open Cluster Management (OCM) and Multicluster Engine for Kubernetes allows managed cluster administrators with high-level local access to forge client certificates, achieving cross-cluster privilege escalation to other managed clusters including the hub cluster. The CVSS 8.2 rating reflects high impact across confidentiality, integrity, and availability with scope change, though exploitation requires existing high-privilege local access (PR:H) and local attack vector (AV:L). No public exploit code or CISA KEV listing identified at time of analysis, though technical details are publicly documented in researcher blog post.

Privilege Escalation Red Hat Kubernetes Multicluster Engine For Kubernetes
NVD
CVSS 3.1
8.2
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Authenticated users with minimal namespace-scoped privileges can obtain administrative credentials for arbitrary OpenShift clusters provisioned through the MCE hub via the assisted-service REST API. The vulnerability exists in AUTH_TYPE=local mode (the only mode available in on-premises deployments), where the local authenticator grants full administrative access to any request bearing a valid JWT with no per-endpoint restrictions. A valid JWT is embedded as plaintext in the InfraEnvStatus.ISODownloadURL, readable by any user with get rights on an InfraEnv object, enabling extraction of kubeadmin passwords and kubeconfigs for all spoke clusters.

Information Disclosure Red Hat Multicluster Engine For Kubernetes
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Improper certificate validation in Red Hat's Open Cluster Management (OCM) and Multicluster Engine for Kubernetes allows managed cluster administrators with high-level local access to forge client certificates, achieving cross-cluster privilege escalation to other managed clusters including the hub cluster. The CVSS 8.2 rating reflects high impact across confidentiality, integrity, and availability with scope change, though exploitation requires existing high-privilege local access (PR:H) and local attack vector (AV:L). No public exploit code or CISA KEV listing identified at time of analysis, though technical details are publicly documented in researcher blog post.

Privilege Escalation Red Hat Kubernetes +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy