CVE-2026-4740

ADVISORY - github

Summary

A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster.

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Certificate Validation

ADVISORY - github

Improper Certificate Validation

ADVISORY - redhat

Improper Certificate Validation


NIST

CREATED

UPDATED

ADVISORY ID

CVE-2026-4740

EXPLOITABILITY SCORE

1.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2 high

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

1.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2 high

Red Hat

CREATED

UPDATED

ADVISORY ID

CVE-2026-4740

EXPLOITABILITY SCORE

1.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.2 high