Lucene search
K

5 matches found

OSV
OSV
added 2026/04/07 3:30 p.m.6 views

GHSA-Q4GV-PJMH-C735 Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.7AI score0.00112EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.6 views

Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/07 3:17 p.m.2 views

CVE-2026-4740

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS0.00112EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/07 2:30 p.m.19 views

CVE-2026-4740 Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS0.00112EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 2:30 p.m.28 views

CVE-2026-4740

CVE-2026-4740 affects Open Cluster Management (OCM), the tech behind Red Hat ACM. The issue is improper validation of Kubernetes client certificate renewal, which can let a managed-cluster admin forge a client certificate accepted by the OCM controller. This enables cross-cluster privilege escala...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder