CVE-2026-54099 Overview
CVE-2026-54099 is a privilege escalation flaw in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The Windows Instance Config Daemon (WICD) Certificate Signing Request (CSR) auto-approver verifies that a CSR contains the organization system:wicd-nodes but fails to reject additional organization values. An attacker who compromises a Windows worker node holding WICD credentials can submit a crafted CSR that also includes system:masters. The cluster auto-approves and signs the request, returning a client certificate with cluster-administrator privileges. This enables full OpenShift cluster takeover from a single compromised worker node. The weakness is tracked as [CWE-269: Improper Privilege Management].
Critical Impact
A compromised Windows worker node can escalate to cluster-administrator and take over the entire OpenShift cluster.
Affected Products
- Red Hat OpenShift Container Platform
- Windows Machine Config Operator (WMCO)
- Windows Instance Config Daemon (WICD)
Discovery Timeline
- 2026-06-22 - CVE-2026-54099 published to NVD
- 2026-06-23 - Last updated in NVD database
Technical Details for CVE-2026-54099
Vulnerability Analysis
The WMCO manages Windows worker nodes joining an OpenShift cluster. WICD runs on each Windows node and uses a service certificate to authenticate to the Kubernetes API. The WICD CSR auto-approver inspects incoming CSRs and signs those it recognizes as belonging to Windows node bootstrap and renewal flows.
The approver checks for the presence of the system:wicd-nodes organization in the CSR subject. It does not enforce that this is the only organization value present. A CSR containing both system:wicd-nodes and system:masters satisfies the check and is signed by the cluster certificate authority.
In Kubernetes role-based access control, membership in system:masters grants unrestricted cluster-administrator privileges through the default cluster-admin binding. The resulting certificate bypasses every RBAC policy in the cluster.
Root Cause
The root cause is incomplete input validation in the CSR auto-approver. The approver uses an inclusion check on organization values rather than an exact-match or allowlist comparison. Any attacker-controlled organization field that contains system:wicd-nodes alongside privileged groups passes validation.
Attack Vector
Exploitation requires local access to a Windows worker node and the ability to read or use WICD credentials stored on that node. The attacker constructs a CSR with a subject containing organizations system:wicd-nodes and system:masters, then submits it through the standard certificate signing API using WICD credentials. The auto-approver signs the CSR and returns a client certificate. The attacker uses this certificate to authenticate to the Kubernetes API with cluster-admin authority and execute arbitrary operations against any namespace or resource.
The vulnerability does not have public proof-of-concept code.
See the Red Hat advisory for technical details.
Detection Methods for CVE-2026-54099
Indicators of Compromise
- CSR objects in the cluster whose spec.request decodes to a subject containing multiple organizations including system:masters
- Approved CSRs originating from Windows nodes that result in certificates bound to privileged groups
- API server audit log entries showing authentication by a certificate whose CN is a WICD identity but whose groups include system:masters
- Sudden creation of ClusterRoleBinding or service account token objects by a Windows node identity
Detection Strategies
- Audit all CertificateSigningRequest objects and decode the embedded PKCS#10 to enumerate subject organization values
- Alert on any signed certificate that lists system:masters outside of the documented control plane bootstrap process
- Correlate Kubernetes API audit events with the issuing certificate serial to identify privileged actions performed by node identities
Monitoring Recommendations
- Enable Kubernetes API server audit logging at the RequestResponse level for certificatesigningrequests and clusterrolebindings
- Forward OpenShift audit logs into a centralized analytics platform such as Singularity Data Lake for OCSF-normalized querying and retention
- Monitor Windows worker nodes with an endpoint sensor to detect credential theft and lateral movement from the node to the control plane
How to Mitigate CVE-2026-54099
Immediate Actions Required
- Apply the WMCO update referenced in the Red Hat CVE-2026-54099 Advisory as soon as it is available for your channel
- Revoke and rotate any WICD-issued certificates that contain unexpected organization values
- Review API audit logs for cluster-admin actions performed by node identities and treat any matches as confirmed compromise
Patch Information
Refer to the Red Hat CVE-2026-54099 Advisory and the Red Hat Bug #2487950 Discussion for fixed versions and errata. The corrected approver enforces exact-match validation on the CSR organization field.
Workarounds
- Disable the WICD CSR auto-approver and require manual approval of Windows node CSRs until the patched WMCO is installed
- Add an admission policy that rejects CSRs whose subject organization list contains values other than system:wicd-nodes for Windows node flows
- Restrict access to Windows worker nodes and harden storage of WICD credentials to prevent local compromise
# Inspect pending CSRs and decode their subject organizations
oc get csr -o json | jq -r '.items[] | select(.status.conditions == null) | .metadata.name' \
| while read csr; do
oc get csr "$csr" -o jsonpath='{.spec.request}' \
| base64 -d \
| openssl req -noout -subject
done
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

