
CVE-2026-54099 - Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

CVSS 8.8 (High) · EPSS 0.07% · Priority P0

Affected Version Matrix

Vendor  | Product                                   | Version Range | Status
Red Hat | Red Hat OpenShift Container Platform 4    | any           | affected
Red Hat | Red Hat OpenShift for Windows Containers  | any           | affected

I. Basic Information for CVE-2026-54099

Vulnerability Information


Vulnerability Title
Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Privilege Management (CWE-269)
Source: NVD (National Vulnerability Database)
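The approval logic the description attributes to the WICD CSR auto-approver, modelled in Go as an added example (this is not WMCO's own code). The reason an extra O value matters is Kubernetes x509 client authentication: the certificate's CN becomes the user name and every O value becomes a group, and the system:masters group is bound to cluster-admin by default, so any organization that survives into the signed certificate is a group membership. The vulnerable check below accepts a CSR as soon as system:wicd-nodes appears anywhere in the organization list; the hardened check requires that list to be exactly that single value. The common-name prefix system:wicd-node: is an assumption made for illustration, as the page names only the organization system:wicd-nodes, and the CSRs are constructed in the block as sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"strings"
)

// requiredOrg is the organization the advisory says the approver checks for.
const requiredOrg = "system:wicd-nodes"

// assumedCNPrefix is a hypothetical node-identity prefix (not stated on the
// page); it only shows that a hardened approver should pin the CN as well.
const assumedCNPrefix = "system:wicd-node:"

// subjectFromCSR decodes a PEM CSR, verifies its proof-of-possession
// signature and returns the subject the approver reasons about.
func subjectFromCSR(csrPEM []byte) (pkix.Name, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return pkix.Name{}, fmt.Errorf("input is not a PEM CERTIFICATE REQUEST")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return pkix.Name{}, err
	}
	if err := csr.CheckSignature(); err != nil {
		return pkix.Name{}, err
	}
	return csr.Subject, nil
}

// vulnerableApprove models the flaw as described: the CSR is accepted when
// system:wicd-nodes is present, so any extra O value (system:masters
// included) is carried into the signed certificate.
func vulnerableApprove(subject pkix.Name) bool {
	for _, org := range subject.Organization {
		if org == requiredOrg {
			return true
		}
	}
	return false
}

// hardenedApprove allows exactly one organization, the expected one, and
// pins the common name to the (assumed) node identity prefix.
func hardenedApprove(subject pkix.Name) bool {
	if len(subject.Organization) != 1 || subject.Organization[0] != requiredOrg {
		return false
	}
	return strings.HasPrefix(subject.CommonName, assumedCNPrefix)
}

// Evaluate runs both approvers on one CSR and returns their verdicts.
func Evaluate(csrPEM []byte) (vulnerable, hardened bool, err error) {
	subject, err := subjectFromCSR(csrPEM)
	if err != nil {
		return false, false, err
	}
	return vulnerableApprove(subject), hardenedApprove(subject), nil
}

// newCSR builds a self-signed CSR with the given CN and O values. It is
// constructed sample input standing in for what a node, or an attacker
// holding that node's WICD credentials, would submit to the CSR API.
func newCSR(cn string, orgs []string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: cn, Organization: orgs},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

func main() {
	node := assumedCNPrefix + "win-worker-0"
	legit, _ := newCSR(node, []string{requiredOrg})
	escalated, _ := newCSR(node, []string{requiredOrg, "system:masters"})
	for _, c := range []struct {
		name string
		csr  []byte
	}{{"wicd-only", legit}, {"wicd+masters", escalated}} {
		v, h, err := Evaluate(c.csr)
		fmt.Printf("%-13s vulnerable=%v hardened=%v err=%v\n", c.name, v, h, err)
	}
}
```

Running it with `go run` shows the wicd-only CSR accepted by both approvers and the wicd+masters CSR accepted only by the vulnerable one. A production approver also has to tie the CSR to the identity of the user who submitted it and check signerName and requested key usages; the page does not describe those checks, so they are not modelled here.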

Affected Products

Vendor  | Product                                   | Affected Versions | CPE
Red Hat | Red Hat OpenShift Container Platform 4    | -                 | cpe:/a:redhat:openshift:4
Red Hat | Red Hat OpenShift for Windows Containers  | -                 | cpe:/a:redhat:windows_machine_config

II. Public POCs for CVE-2026-54099


No public POC found.


III. Intelligence Information for CVE-2026-54099


Vendor Advisories for CVE-2026-54099 (1)

Other References for CVE-2026-54099 (1)

Same Patch Batch · Red Hat · 2026-06-22 · 4 CVEs total

CVE-2026-54100 · 8.3 HIGH · Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verifie
CVE-2026-12725 · 5.9 MEDIUM · Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey r
CVE-2026-12549 · 4.8 MEDIUM · Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

IV. Related Vulnerabilities
