Description
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.
Published: 2026-06-22
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the Windows Machine Config Operator for Red Hat OpenShift and allows the operator to open SSH sessions to Windows worker nodes without validating the remote host key. Because the host key is not checked, an attacker who can intercept or redirect traffic on the same network can capture the credentials transmitted during node configuration, such as *WICD* and *kubelet* bootstrap tokens. The result is the theft of authenticating credentials that grant control over the affected Windows node and potentially over the entire cluster if those nodes serve privileged functions. The weakness is a classic example of insecure use of cryptographic protocols, classified as CWE‑295.

Affected Systems

Red Hat OpenShift Container Platform 4 and Red Hat OpenShift for Windows Containers. No specific version range is listed in the CNA data, so any installation of the Windows Machine Config Operator that has not been updated to the latest release is considered vulnerable.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity vulnerability. With no EPSS score available, the likelihood of exploitation cannot be determined from the data, and the vulnerability is not currently reflected in CISA’s KEV catalog. The likely attack vector is an adjacent‑network attacker who can intercept or reroute the SSH traffic between WMCO and the Windows nodes. If the attacker succeeds in redirecting the session, they can capture the bootstrap credentials sent over the session and use them to assume node identity and further compromise the cluster. The exploitation is mitigated only by applying the official update that enforces host‑key verification.

Generated by OpenCVE AI on June 22, 2026 at 14:39 UTC.

Remediation

Vendor Workaround

At this time, no mitigation or workaround is available for this vulnerability. Customers are advised to apply the appropriate updates as they become available.


OpenCVE Recommended Actions

  • Apply the latest Red Hat update that patches the Windows Machine Config Operator to enforce SSH host‑key verification.
  • Update or redeploy the OpenShift cluster to use the patched WMCO component, ensuring all worker nodes use the fixed version.
  • Monitor SSH traffic between WMCO and Windows nodes for unexpected key changes or anomalous connection patterns and consider network segmentation to limit adjacent‑network access.

Generated by OpenCVE AI on June 22, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Redhat openshift For Windows Containers
Vendors & Products Redhat openshift Container Platform
Redhat openshift For Windows Containers

Tue, 23 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Mon, 22 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.
Title Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft
First Time appeared Redhat
Redhat openshift
Redhat windows Machine Config
Weaknesses CWE-295
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:windows_machine_config
Vendors & Products Redhat
Redhat openshift
Redhat windows Machine Config
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Redhat Openshift Openshift Container Platform Openshift For Windows Containers Windows Machine Config
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T12:10:48.211Z

Reserved: 2026-06-11T19:02:42.736Z

Link: CVE-2026-54100

cve-icon Vulnrichment

Updated: 2026-06-30T03:20:58.332Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-10T00:00:00Z

Links: CVE-2026-54100 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:41:26Z

Weaknesses
  • CWE-295

    Improper Certificate Validation