{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-54099", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-11T19:02:42.736Z", "datePublished": "2026-06-22T12:46:04.051Z", "dateUpdated": "2026-06-23T03:55:53.995Z"}, "containers": {"cna": {"title": "Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4-wincw/windows-machine-config-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift for Windows Containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:windows_machine_config"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-54099", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487950", "name": "RHBZ#2487950", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-10T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-269: Improper Privilege Management", "workarounds": [{"lang": "en", "value": "At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available."}], "timeline": [{"lang": "en", "time": "2026-06-11T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-10T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-22T12:46:04.051Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-54099"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T03:55:53.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-54099", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-22T16:08:02.844473Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T16:08:05.366Z"}}], "cna": {"title": "Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4-wincw/windows-machine-config-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:windows_machine_config"], "vendor": "Red Hat", "product": "Red Hat OpenShift for Windows Containers", "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-06-11T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-10T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-06-10T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-54099", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487950", "name": "RHBZ#2487950", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "Improper Privilege Management"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-22T12:46:04.051Z"}, "x_redhatCweChain": "CWE-269: Improper Privilege Management"}}, "cveMetadata": {"cveId": "CVE-2026-54099", "state": "PUBLISHED", "dateUpdated": "2026-06-23T03:55:53.995Z", "dateReserved": "2026-06-11T19:02:42.736Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-06-22T12:46:04.051Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "windows-machine-config-operator: windows-machine-config-operator: WICD CSR extra-Organization allows privilege escalation to system:masters", "id": "2487950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487950"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-269", "details": ["A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover."], "mitigation": {"lang": "en:us", "value": "At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available."}, "name": "CVE-2026-54099", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4-wincw/windows-machine-config-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Affected", "package_name": "openshift4-wincw/windows-machine-config-rhel9-operator", "product_name": "Red Hat OpenShift for Windows Containers"}], "public_date": "2026-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-54099\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-54099"], "statement": "This flaw affects OpenShift clusters running the Windows Machine Config Operator (WMCO) with one or more Windows worker nodes. Clusters without Windows nodes or without WMCO are not affected. Exploitation requires compromising a Windows worker node and obtaining WICD credentials from that node. Red Hat Security Ratings classify this as Important because a successful attack grants cluster-administrator access from a compromised Windows node.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Red Hat OpenShift Container Platform 4", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_container_platform", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat OpenShift for Windows Containers", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_for_windows_containers", "vendor": "redhat"}], "created": "2026-06-22T15:15:03.469392+00:00", "updated": "2026-06-24T20:41:27.433939+00:00", "vendors": ["redhat", "redhat$PRODUCT$openshift_container_platform", "redhat$PRODUCT$openshift_for_windows_containers"]}