Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-54099

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 0.1%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-54099


Contact Us

Shodan ® - All rights reserved