Skip to main content

Red Hat Openshift For Windows Containers

2 CVEs product

Monthly

CVE-2026-54100 HIGH This Week

Credential theft in Red Hat OpenShift Container Platform's Windows Machine Config Operator (WMCO) allows adjacent-network attackers to intercept SSH sessions to Windows worker nodes and steal WICD and kubelet bootstrap credentials. WMCO fails to verify the remote SSH host key when configuring Windows nodes, enabling a man-in-the-middle attacker positioned on the cluster network to capture credentials sufficient to assume Windows node identities. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Information Disclosure Microsoft Red Hat Red Hat Openshift Container Platform 4 Red Hat Openshift For Windows Containers
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-54099 HIGH This Week

Privilege escalation in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows a compromised Windows worker node holding WICD credentials to obtain a cluster-administrator client certificate. The WICD CSR auto-approver checks for the system:wicd-nodes organization but fails to reject additional organization values such as system:masters, enabling full cluster takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Microsoft Red Hat Red Hat Openshift Container Platform 4 Red Hat Openshift For Windows Containers
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 8.3
HIGH This Week

Credential theft in Red Hat OpenShift Container Platform's Windows Machine Config Operator (WMCO) allows adjacent-network attackers to intercept SSH sessions to Windows worker nodes and steal WICD and kubelet bootstrap credentials. WMCO fails to verify the remote SSH host key when configuring Windows nodes, enabling a man-in-the-middle attacker positioned on the cluster network to capture credentials sufficient to assume Windows node identities. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Information Disclosure Microsoft Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows a compromised Windows worker node holding WICD credentials to obtain a cluster-administrator client certificate. The WICD CSR auto-approver checks for the system:wicd-nodes organization but fails to reject additional organization values such as system:masters, enabling full cluster takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Microsoft Red Hat +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy