CVE-2026-10101 Overview
CVE-2026-10101 is an information disclosure vulnerability in the assisted-service component of Red Hat Advanced Cluster Management (ACM) and Multicluster Engine (MCE). When pull-secret validation fails, the component writes the raw contents of the referenced pull secret into InfraEnv.status.conditions[].message. This bypasses the Kubernetes and OpenShift Role-Based Access Control (RBAC) separation between read-only namespace viewers and Secret readers: a principal holding the stock view ClusterRole cannot read Secrets directly, but can read InfraEnv objects and recover the referenced Secret's .dockerconfigjson contents from the status field. The flaw is classified as CWE-201, Insertion of Sensitive Information Into Sent Data.
Critical Impact
A namespace user with only view permissions can recover pull-secret username, password, email, and base64 auth fields without get or list access to Secrets.
Affected Products
- Red Hat Advanced Cluster Management for Kubernetes (ACM)
- Red Hat Multicluster Engine (MCE) assisted-service
- OpenShift environments using ACM/MCE InfraEnv resources
Discovery Timeline
- 2026-05-29 - CVE-2026-10101 published to NVD
- 2026-05-29 - Last updated in NVD database
Technical Details for CVE-2026-10101
Vulnerability Analysis
The assisted-service controller in ACM/MCE validates the pull-secret reference attached to an InfraEnv custom resource. When validation fails, the controller surfaces the failure by writing diagnostic content into InfraEnv.status.conditions[].message. That diagnostic content includes the raw contents of the referenced Secret rather than a sanitized identifier or error code. The vulnerability is classified as information exposure (CWE-201) because sensitive data is embedded in a downstream object whose RBAC posture differs from that of the source Secret.
Root Cause
The root cause is improper handling of error context. The controller propagates the full .dockerconfigjson payload, including username, password, email, and base64-encoded auth fields, into a status condition message. Status fields on custom resources inherit the read permissions of the parent custom resource. Any principal able to read InfraEnv objects can therefore read the Secret content indirectly.
Attack Vector
An authenticated namespace principal bound to the default view ClusterRole queries InfraEnv resources in the target namespace. The principal reads status.conditions[].message from any InfraEnv whose pull-secret validation has failed. The proof of concept demonstrated recovery of synthetic pull-secret fields by a ServiceAccount that was explicitly denied get and list verbs on Secrets. Exploitation requires low privileges and some user interaction to trigger a validation failure, but the attack is performed over the network against the Kubernetes API.
This page describes the vulnerability in prose only. See the Red Hat CVE-2026-10101 Advisory and Red Hat Bugzilla Report #2483298 for vendor technical details.
Detection Methods for CVE-2026-10101
Indicators of Compromise
- Presence of .dockerconfigjson, auth, or base64 credential strings inside InfraEnv.status.conditions[].message
- Audit log entries showing get or list on infraenvs.agent-install.openshift.io by ServiceAccounts or users holding only the view ClusterRole
- Repeated failed pull-secret validation events correlating with subsequent InfraEnv reads from unexpected principals
Detection Strategies
- Inspect existing InfraEnv objects across all namespaces for status condition messages containing credential-like strings or dockerconfigjson substrings
- Enable and review Kubernetes API audit logs for read operations on InfraEnv resources by low-privilege accounts
- Correlate assisted-service controller logs with InfraEnv status updates that include Secret content
Monitoring Recommendations
- Alert on any InfraEnv status message exceeding expected size or containing the literal strings auth, password, or username
- Monitor for new RoleBindings or ClusterRoleBindings granting view on namespaces containing InfraEnv resources
- Track service account token usage from pods that query InfraEnv objects outside expected automation paths
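The following scanner is an added example for the detection strategy and monitoring recommendation above; it is not code from Red Hat or the assisted-service project. It reads the JSON list produced by `oc get infraenv --all-namespaces -o json` (any Kubernetes List object works), flags status conditions whose message carries .dockerconfigjson structure, and reports the registry host, the username and the message length while redacting the password, so the scan itself does not re-expose the credential in a terminal or a log. It deliberately matches JSON-shaped keys (`"auths":`, `"auth":`, `"password":`) rather than the bare words auth or password, which also appear in ordinary validation messages. The sample InfraEnv list and its credential values are constructed for this example.

```python
"""Scan InfraEnv objects for pull-secret material leaked into status conditions.

Added example, not Red Hat's or the assisted-service project's code. Input is the
List object from `oc get infraenv --all-namespaces -o json`; findings are redacted.
"""
import base64
import json
import re
import sys

# Keys that indicate an embedded .dockerconfigjson payload rather than a normal
# validation message. Bare words such as "auth" alone would be noisy.
DOCKERCONFIG_MARKERS = re.compile(r'"auths"\s*:|\.dockerconfigjson|"password"\s*:|"auth"\s*:')
# The base64 "auth" field of a docker config, i.e. base64("user:password").
AUTH_FIELD = re.compile(r'"auth"\s*:\s*"([A-Za-z0-9+/=]+)"')
# Widest JSON object embedded anywhere in the message text.
EMBEDDED_JSON = re.compile(r"\{.*\}", re.S)


def fingerprint_auth(b64_auth: str) -> str:
    """Return 'user:<n chars redacted>' for a base64 user:password field.
    The password itself is never returned."""
    try:
        raw = base64.b64decode(b64_auth, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return "<undecodable>"
    user, sep, secret = raw.partition(":")
    if not sep:
        return "<no user:password separator>"
    return f"{user}:<{len(secret)} chars redacted>"


def scan_message(message: str) -> list:
    """Return redacted evidence strings if the message carries pull-secret
    material, otherwise an empty list."""
    if not message or not DOCKERCONFIG_MARKERS.search(message):
        return []
    evidence = ["auth=" + fingerprint_auth(b64) for b64 in AUTH_FIELD.findall(message)]
    match = EMBEDDED_JSON.search(message)
    if match:
        try:
            doc = json.loads(match.group(0))
            # Registry hosts are not secret and tell you which credential to rotate.
            evidence.extend("registry=" + host for host in doc.get("auths", {}))
        except json.JSONDecodeError:
            pass
    return evidence or ["dockerconfigjson marker present"]


def scan_infraenv_list(infraenv_list: dict) -> list:
    """Walk a Kubernetes List of InfraEnv objects and return one finding per
    leaking status condition. Objects without status or conditions are skipped."""
    findings = []
    for item in infraenv_list.get("items", []):
        meta = item.get("metadata", {})
        for cond in (item.get("status") or {}).get("conditions") or []:
            message = cond.get("message") or ""
            evidence = scan_message(message)
            if evidence:
                findings.append({
                    "namespace": meta.get("namespace"),
                    "name": meta.get("name"),
                    "condition": cond.get("type"),
                    "message_len": len(message),  # supports the size-based alert
                    "evidence": evidence,
                })
    return findings


# Constructed sample mimicking `oc get infraenv -A -o json`; every value is made up.
SAMPLE_PULL_SECRET = json.dumps({"auths": {"registry.example.internal": {
    "auth": base64.b64encode(b"ci-bot:hunter2-example").decode(),
    "email": "ci@example.internal"}}})
SAMPLE_LIST = {"apiVersion": "v1", "kind": "List", "items": [
    {"metadata": {"namespace": "lab", "name": "leaky"},
     "status": {"conditions": [{"type": "ImageCreated", "status": "False",
                                "message": "failed to validate pull secret: " + SAMPLE_PULL_SECRET}]}},
    {"metadata": {"namespace": "lab", "name": "healthy"},
     "status": {"conditions": [{"type": "ImageCreated", "status": "True",
                                "message": "Image has been created"}]}},
    {"metadata": {"namespace": "lab", "name": "fresh"}},  # no status yet
]}

if __name__ == "__main__":
    # Usage: oc get infraenv --all-namespaces -o json | python3 scan_infraenv.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_LIST
    for f in scan_infraenv_list(data):
        print(f"{f['namespace']}/{f['name']} [{f['condition']}] "
              f"len={f['message_len']}: {', '.join(f['evidence'])}")
```

Run it against real cluster output as shown in the usage comment; every finding names an InfraEnv to clear or recreate and a registry whose credential should be rotated.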
How to Mitigate CVE-2026-10101
Immediate Actions Required
- Apply the Red Hat patch for ACM and MCE assisted-service when available; see the Red Hat CVE-2026-10101 Advisory
- Audit existing InfraEnv objects and clear or recreate any resource whose status.conditions[].message contains pull-secret contents
- Rotate any pull-secret credentials that may have been exposed in InfraEnv status fields
Patch Information
Red Hat tracks the fix in Bugzilla Report #2483298. Consult the Red Hat advisory for fixed ACM and MCE component versions and apply updates through standard OpenShift cluster lifecycle tooling.
Workarounds
- Restrict the view ClusterRole or replace it with custom roles that exclude get and list on infraenvs.agent-install.openshift.io until patching
- Validate pull-secret references out-of-band before binding them to InfraEnv objects to avoid triggering the validation failure path
- Place InfraEnv resources in dedicated namespaces with tightly scoped RBAC to limit the population of principals that can read status fields
# Identify InfraEnv objects whose status may contain leaked pull-secret data.
# Tolerates objects with no status yet and conditions with no message, and lists
# each matching object once even if several conditions match.
oc get infraenv --all-namespaces -o json | \
jq '.items[] | select([.status.conditions[]?.message // "" | test("dockerconfigjson|auth|password")] | any) | {ns: .metadata.namespace, name: .metadata.name}'
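To support the first workaround, the following audit is an added example, not Red Hat's or the project's code. It takes Role or ClusterRole objects as parsed from `oc get clusterrole view -o json` (or a List of roles) and reports every rule that grants get, list or watch on infraenvs in the agent-install.openshift.io API group, including wildcard rules and the infraenvs/status subresource, so a replacement custom role can be built without that access. The sample roles, including the ClusterRole named acm-infraenv-viewer, are constructed for this example and do not reproduce the real view role's rule set.

```python
"""Audit Role/ClusterRole rules for read access to InfraEnv objects.

Added example, not Red Hat's or the assisted-service project's code. Input is a
Role, a ClusterRole, or a Kubernetes List of them as returned by `oc get ... -o json`.
"""
INFRAENV_GROUP = "agent-install.openshift.io"
INFRAENV_RESOURCES = {"infraenvs", "infraenvs/status"}
READ_VERBS = {"get", "list", "watch"}


def rule_grants_infraenv_read(rule: dict) -> bool:
    """True if a single RBAC rule lets the holder read InfraEnv objects,
    treating "*" in any position as a match."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    group_ok = "*" in groups or INFRAENV_GROUP in groups
    resource_ok = "*" in resources or bool(resources & INFRAENV_RESOURCES)
    verb_ok = "*" in verbs or bool(verbs & READ_VERBS)
    return group_ok and resource_ok and verb_ok


def audit_roles(objects) -> list:
    """Return one finding per offending rule across a role or a List of roles."""
    items = objects.get("items", [objects]) if isinstance(objects, dict) else list(objects)
    findings = []
    for role in items:
        for idx, rule in enumerate(role.get("rules") or []):
            if rule_grants_infraenv_read(rule):
                findings.append({
                    "kind": role.get("kind"),
                    "name": role["metadata"]["name"],
                    "namespace": role["metadata"].get("namespace"),
                    "rule_index": idx,
                    "verbs": sorted(set(rule.get("verbs") or [])),
                    "wildcard": "*" in (rule.get("resources") or []),
                })
    return findings


def rules_without_infraenv_read(role: dict) -> list:
    """Rules of the role that do not grant InfraEnv read access, as a starting
    point for a custom role. Wildcard rules cannot be narrowed mechanically and
    must be rewritten by hand, so they are dropped here rather than kept."""
    return [r for r in role.get("rules") or [] if not rule_grants_infraenv_read(r)]


# Constructed sample; names and rules are made up for this example.
SAMPLE_ROLES = {"apiVersion": "v1", "kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "view"},
     "rules": [
         {"apiGroups": [""], "resources": ["pods", "configmaps"], "verbs": ["get", "list", "watch"]},
         {"apiGroups": [INFRAENV_GROUP], "resources": ["infraenvs"], "verbs": ["get", "list", "watch"]},
     ]},
    {"kind": "ClusterRole",
     "metadata": {"name": "acm-infraenv-viewer",
                  "labels": {"rbac.authorization.k8s.io/aggregate-to-view": "true"}},
     "rules": [{"apiGroups": [INFRAENV_GROUP], "resources": ["infraenvs/status"], "verbs": ["get"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "lab"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]}

if __name__ == "__main__":
    for f in audit_roles(SAMPLE_ROLES):
        scope = f["namespace"] or "cluster"
        print(f"{f['kind']} {f['name']} ({scope}) rule #{f['rule_index']} grants {f['verbs']}")
```

One caveat when acting on the findings: the stock view ClusterRole is an aggregated role, and its rules are reconciled from ClusterRoles carrying the rbac.authorization.k8s.io/aggregate-to-view label (the second sample role models that), so editing the aggregated rules directly is undone by the aggregation controller. The durable route is the custom role the workaround describes, built from rules_without_infraenv_read and bound in place of view.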
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.