CVE-2026-10843
7.2 HIGHA flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 7.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-250
Description
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-11626 — CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of...
- CVE-2026-50566 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
- CVE-2026-50565 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (4.9 MEDIUM)
- CVE-2026-46618 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes
- CVE-2026-46617 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes