Platform: kubernetes
Component: open-cluster-management
Fixed in: 1.10.0, 2.5.4
CVE-2026-4740 is a Privilege Escalation vulnerability discovered in Open Cluster Management (OCM), the technology underpinning Red Hat Advanced Cluster Management (ACM). This flaw allows a malicious managed cluster administrator to forge Kubernetes client certificates, bypassing validation checks within the OCM controller. Consequently, an attacker could escalate privileges and potentially gain control over other managed clusters, including the central hub cluster. The vulnerability impacts versions 1.0.0 through 2.5.3, and a fix is available in version 2.5.4.
The impact of CVE-2026-4740 is significant due to its potential for cross-cluster privilege escalation. A successful exploit allows an attacker, initially with administrative access to a managed cluster, to forge a client certificate. This forged certificate, when approved by the OCM controller, grants the attacker elevated privileges, effectively allowing them to operate as if they have administrative control over other managed clusters within the OCM environment. This includes the hub cluster, which typically manages and orchestrates the entire cluster federation. The blast radius extends to all clusters managed by the affected OCM controller, potentially leading to data breaches, service disruption, and complete compromise of the cluster infrastructure. This vulnerability shares similarities with other certificate forgery attacks that have exploited trust relationships within Kubernetes environments.
CVE-2026-4740 was publicly disclosed on 2026-04-07. Its inclusion in the CISA KEV catalog is pending. Currently, no public proof-of-concept (PoC) exploits are known, but the vulnerability’s nature suggests a moderate probability of exploitation (EPSS score likely medium). Active campaigns targeting OCM environments are not currently reported, but given the potential impact, organizations should prioritize remediation.
Organizations utilizing Red Hat Advanced Cluster Management (ACM) and relying on Open Cluster Management for multi-cluster management are at significant risk. Specifically, deployments with multiple managed clusters and a central hub cluster are particularly vulnerable. Legacy configurations with relaxed certificate validation policies or shared hosting environments utilizing OCM should be prioritized for remediation.
• kubernetes / cluster: confirm the OCM controller pods running in the cluster and their placement.
kubectl get pods -n kube-system -l component=ocm-controller -o wide | grep -i ocm
• kubernetes / cluster: check the expiry of the controller's client certificate. (kubectl describe secret does not print certificate fields, so the certificate is extracted and decoded instead; the key name tls.crt is an assumption and must be adjusted to the secret's actual key.)
kubectl get secret -n kube-system ocm-controller-client-certificate -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -enddate
• kubernetes / cluster: Monitor audit logs for unusual certificate signing requests or approvals originating from managed clusters.
• kubernetes / cluster: Review Kubernetes network policies to ensure proper isolation between managed clusters and the hub cluster.
disclosure
Exploit status:
EPSS: 0.01% (1st percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-4740 is to upgrade Open Cluster Management to version 2.5.4 or later, which includes the necessary certificate validation fixes. If an immediate upgrade is not feasible, implement stricter network segmentation between managed clusters to limit the potential impact of a compromised cluster, and add monitoring and alerting for suspicious certificate signing requests or approvals handled by the OCM controller. A WAF rule does not apply to this flaw; instead, use Kubernetes network policies to restrict communication between clusters according to the principle of least privilege. After upgrading, verify the fix by attempting to forge a client certificate from a managed cluster and confirming that the OCM controller rejects the request due to the improved validation checks.
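The audit-log monitoring recommended in the detection checks and in the mitigation paragraph above can be put into practice with a small analyzer over kube-apiserver audit events. The following is an added example written for this advisory, not code from the OCM project or from Red Hat. It reads JSON-lines audit output and flags CSR approvals by an unexpected identity, client-certificate CSRs from identities that are not managed-cluster agents, agents requesting a CSR named for a different cluster, and bursts of CSR creation. The approver identity, the agent username pattern (system:open-cluster-management:<cluster>:<agent>) and the CSR naming convention (<cluster>-<suffix>) are assumptions chosen for the example, as are the constructed sample events; tune them to the identities your hub actually uses.

```python
"""Flag suspicious CertificateSigningRequest (CSR) activity in Kubernetes audit logs.

Added example for this advisory (not OCM project code). Input is the standard
kube-apiserver JSON audit format, one event per line.
"""
import json
import re
from datetime import datetime

# --- Assumptions for this example (placeholders, not from the advisory) ---
# Identity allowed to approve agent CSRs on the hub.
EXPECTED_APPROVERS = {"system:serviceaccount:hub-namespace:registration-controller"}
# Assumed naming convention for managed-cluster agent identities.
AGENT_USER_RE = re.compile(r"^system:open-cluster-management:(?P<cluster>[a-z0-9-]+):")
# Standard Kubernetes signer for API-server client certificates.
CLIENT_SIGNER = "kubernetes.io/kube-apiserver-client"


def parse_audit_lines(lines):
    """Parse JSON-lines audit output into event dicts, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def csr_cluster_from_name(csr_name):
    """Assumed convention: agent CSRs are named <cluster-name>-<suffix>."""
    return csr_name.rsplit("-", 1)[0]


def analyze_csr_events(events, burst_threshold=3, burst_window_s=60):
    """Return a list of (rule, csr_name_or_detail, actor) findings."""
    findings = []
    creates = []  # (username, timestamp) of client-cert CSR creations
    for ev in events:
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "certificatesigningrequests":
            continue
        if ev.get("stage") != "ResponseComplete":
            continue  # count each request once
        user = (ev.get("user") or {}).get("username", "<unknown>")
        name = ref.get("name", "<unnamed>")
        verb = ev.get("verb")
        if ref.get("subresource") == "approval" and verb in ("update", "patch"):
            # Rule 1: only the hub controller should approve agent CSRs.
            if user not in EXPECTED_APPROVERS:
                findings.append(("unexpected-approver", name, user))
        elif verb == "create":
            spec = (ev.get("requestObject") or {}).get("spec") or {}
            if spec.get("signerName") != CLIENT_SIGNER:
                continue  # e.g. kubelet-serving CSRs are out of scope here
            m = AGENT_USER_RE.match(user)
            if m is None:
                # Rule 2: client-cert CSR from something that is not a cluster agent.
                findings.append(("unexpected-requester", name, user))
            elif csr_cluster_from_name(name) != m.group("cluster"):
                # Rule 3: an agent requesting credentials named for another cluster.
                findings.append(("cross-cluster-csr", name, user))
            ts = datetime.fromisoformat(ev["stageTimestamp"].replace("Z", "+00:00"))
            creates.append((user, ts))
    # Rule 4: bursts of client-cert CSR creation from one identity (sliding window).
    per_user = {}
    for user, ts in sorted(creates, key=lambda c: c[1]):
        per_user.setdefault(user, []).append(ts)
    for user, stamps in per_user.items():
        for i, start in enumerate(stamps):
            in_window = [t for t in stamps[i:] if (t - start).total_seconds() <= burst_window_s]
            if len(in_window) >= burst_threshold:
                findings.append(("csr-burst", f"{len(in_window)} CSRs within {burst_window_s}s", user))
                break
    return findings


def _event(verb, user, name, ts, subresource=None, signer=None):
    """Build a minimal constructed audit event in kube-apiserver JSON audit shape."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
          "verb": verb, "user": {"username": user}, "stageTimestamp": ts,
          "objectRef": {"apiGroup": "certificates.k8s.io",
                        "resource": "certificatesigningrequests", "name": name}}
    if subresource:
        ev["objectRef"]["subresource"] = subresource
    if signer:
        ev["requestObject"] = {"spec": {"signerName": signer, "username": user}}
    return ev


# Constructed sample log: one benign CSR/approval pair, then several anomalies.
AGENT1 = "system:open-cluster-management:cluster1:klusterlet-agent"
HUB = "system:serviceaccount:hub-namespace:registration-controller"
SAMPLE_AUDIT_LINES = [json.dumps(e) for e in [
    _event("create", AGENT1, "cluster1-abc12", "2026-04-08T10:00:00Z", signer=CLIENT_SIGNER),
    _event("update", HUB, "cluster1-abc12", "2026-04-08T10:00:05Z", subresource="approval"),
    _event("create", AGENT1, "cluster2-zz999", "2026-04-08T10:00:10Z", signer=CLIENT_SIGNER),
    _event("update", "alice", "cluster2-zz999", "2026-04-08T10:00:15Z", subresource="approval"),
    _event("create", "system:serviceaccount:default:foo", "foo-1", "2026-04-08T10:00:20Z",
           signer=CLIENT_SIGNER),
    _event("create", AGENT1, "cluster1-def34", "2026-04-08T10:00:30Z", signer=CLIENT_SIGNER),
]]

if __name__ == "__main__":
    for rule, detail, actor in analyze_csr_events(parse_audit_lines(SAMPLE_AUDIT_LINES)):
        print(f"{rule:22} {detail:28} by {actor}")
```

Run against a real audit log with the approval subresource and requestObject captured (the audit policy must log certificatesigningrequests at RequestResponse level for the signerName check to work); on the hub the approver identity should be the registration controller's service account, so any other approver is worth a ticket regardless of whether this CVE applies.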
Upgrade to version 2.5.4 or later of Red Hat Multicluster Engine for Kubernetes. This update corrects the incorrect validation of Kubernetes client certificates, preventing cross-cluster privilege escalation.
CVE-2026-4740 is a HIGH severity vulnerability in Open Cluster Management versions 1.0.0–2.5.3 that allows attackers to forge client certificates and escalate privileges across managed clusters.
If you are using Open Cluster Management versions 1.0.0 through 2.5.3, you are potentially affected by this vulnerability. Assess your environment and prioritize upgrading.
Upgrade Open Cluster Management to version 2.5.4 or later to remediate the vulnerability. Consider network segmentation and enhanced monitoring as interim measures.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and remediation.
Refer to the official Red Hat security advisory for CVE-2026-4740 for detailed information and guidance: [https://access.redhat.com/security/cve/CVE-2026-4740]