SSH Connection Vulnerability in Windows Machine Config Operator for Red Hat OpenShift
CVE-2026-54100

8.3 HIGH

What is CVE-2026-54100?

A vulnerability in the Windows Machine Config Operator (WMCO) for the Red Hat OpenShift Container Platform allows an attacker on an adjacent network to exploit the SSH connections made by WMCO. The flaw arises from WMCO's failure to verify the remote server host key during SSH sessions. As a result, an attacker intercepting or redirecting these sessions can gain access to sensitive WICD and kubelet bootstrap credentials. This exposure can lead to the compromise of Windows node identities within the OpenShift cluster, posing a significant security risk.
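The missing check, as an added example (not WMCO's code; the page does not show how WMCO opens its SSH sessions): a fail-closed host key pin check using only the Go standard library, of the kind an SSH client runs in its host key verification hook before sending any credentials. The function names, the pin-file format, the address and the key blobs are all constructed for illustration.

```go
package main
import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var enrolledKey = []byte("constructed-key-blob-A") // constructed sample, not a real host key
var otherKey = []byte("constructed-key-blob-B")    // constructed sample, not a real host key
var ErrUnknownHost = errors.New("no pinned host key for address")
var ErrKeyMismatch = errors.New("presented host key does not match pinned key")

// fingerprint returns an OpenSSH-style SHA256 fingerprint of a raw key blob.
func fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// parsePins reads "address fingerprint" lines (hypothetical format) into a map,
// skipping comments and malformed lines.
func parsePins(text string) map[string]string {
	pins := make(map[string]string)
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && !strings.HasPrefix(f[0], "#") {
			pins[f[0]] = f[1]
		}
	}
	return pins
}

// checkHostKey fails closed: an address with no pin is rejected, not trusted
// on first use, and a key that differs from the pin is rejected.
func checkHostKey(pins map[string]string, addr string, presented []byte) error {
	want, ok := pins[addr]
	if !ok {
		return fmt.Errorf("%w: %s", ErrUnknownHost, addr)
	}
	if subtle.ConstantTimeCompare([]byte(want), []byte(fingerprint(presented))) != 1 {
		return fmt.Errorf("%w: %s", ErrKeyMismatch, addr)
	}
	return nil
}

func main() {
	pins := parsePins("win-node-1.example:22 " + fingerprint(enrolledKey))
	fmt.Println(checkHostKey(pins, "win-node-1.example:22", enrolledKey), checkHostKey(pins, "win-node-1.example:22", otherKey))
}
```

The pin has to reach the client over a channel the adjacent-network attacker cannot alter; a pin learned from the first connection gives no protection against a session that is redirected from the start.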

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
