Introduction
An RBAC misconfiguration shipped by the OpenShift Pipelines Operator silently grants every authenticated cluster user write access to Kueue scheduling resources and cert-manager certificate objects, opening the door to cross-tenant workload disruption and TLS certificate hijacking on any affected OpenShift cluster. With a CVSS score of 9.6 and no patch available at the time of disclosure, this vulnerability affects every OpenShift Pipelines deployment regardless of whether the Tekton Scheduler feature is actually enabled.
Red Hat OpenShift Pipelines is a cloud-native CI/CD solution based on Kubernetes, powered by the Tektoncd project. The underlying tektoncd/operator manages TektonCD Pipelines, Dashboard, Triggers, and related components. As of 2026, 6,633 verified companies use Red Hat OpenShift, and the container management market exceeds $2.5 billion annually, making the blast radius of this vulnerability significant across enterprise environments.
Technical Information
Root Cause: Overly Permissive ClusterRoleBinding
CVE-2026-10840 is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), which MITRE defines as occurring when "the product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors." CWE-732 is mapped to attack patterns CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs) and CAPEC-122 (Privilege Abuse), both describing the core mechanics at play here.
The OpenShift Pipelines Operator ships a ClusterRoleBinding named tekton-scheduler-rolebinding that binds ClusterRole/tekton-scheduler-role to the system:authenticated group. In Kubernetes and OpenShift, the system:authenticated group includes every user, service account, and application pod that has successfully authenticated to the API server. This means any developer, CI/CD pipeline, or compromised pod with valid credentials inherits the following cluster-wide permissions:
| Resource Group | Resources | Permissions Granted |
|---|---|---|
| kueue.x-k8s.io | ResourceFlavor, Workload, WorkloadPriorityClass | create, update, patch, delete |
| cert-manager.io | Certificate, Issuer | create, update |
A critical detail from the Bugzilla report: the RBAC objects are installed unconditionally even when the Tekton Scheduler feature is disabled. Organizations that deployed the OpenShift Pipelines Operator but never enabled the Tekton Scheduler feature are still fully exposed.
Attack Vector 1: Kueue Workload Scheduling Disruption
When Kueue CRDs are present on the cluster (for example, installed via Red Hat OpenShift AI), any authenticated user can exploit the granted permissions to disrupt cross-tenant workload scheduling. The specific attacks include:
- Deleting ResourceFlavor objects: ResourceFlavors define the resource quotas available to tenants. Removing them causes scheduled workloads to fail or become unschedulable.
- Destroying other tenants' Workload objects: An attacker can directly delete queued or running batch jobs belonging to other users or teams.
- Tampering with WorkloadPriorityClass objects: Altering scheduling priorities allows an attacker to favor their own workloads or deprioritize others.
These operations can be performed with standard kubectl commands. No elevated privileges, social engineering, or specialized tooling are needed. The attack undermines the core multi-tenancy isolation that Kueue provides for batch scheduling in shared clusters.
Attack Vector 2: cert-manager Confused Deputy Attack
When cert-manager is installed on the cluster, any authenticated user can create Certificate objects targeting arbitrary Secrets. The Bugzilla report specifically describes how an attacker can target the default ingress controller's TLS Secret (openshift-ingress/router-certs-default), causing cert-manager to overwrite it with an attacker-influenced certificate.
This is a textbook confused deputy attack. The attacker cannot write Secrets directly, but leverages cert-manager's ServiceAccount to do so, crossing authorization boundaries. The consequences include:
- TLS certificate hijacking: Overwriting the cluster's default ingress TLS certificate with one controlled by the attacker enables interception of HTTPS traffic to any route on the cluster.
- Certificate issuance pipeline manipulation: Creating or modifying
Issuerobjects gives the attacker control over how certificates are issued.
The confused deputy pattern makes this attack particularly insidious because standard RBAC auditing might not immediately flag it. The attacker never directly writes to the targeted Secrets; they instruct cert-manager to do it on their behalf.
Exploitation Prerequisites
The attack requires only authenticated access to the OpenShift API server, which is the baseline level of access for any cluster user. Exploitation can be performed with standard kubectl commands against the Kubernetes API. The network-based attack vector, low attack complexity, and high impact across confidentiality, integrity, and availability are reflected in the CVSS 9.6 critical rating.
Why This Matters for Multi-Tenant Clusters
Organizations running both Kueue and cert-manager alongside OpenShift Pipelines face compounded risk, as both attack vectors become simultaneously available. Compared to other 2026 OpenShift Pipelines CVEs (CVE-2026-33211, CVE-2026-34986), CVE-2026-10840 stands out for its cluster-wide blast radius rather than being confined to a single namespace or tenant, and for its ability to compromise TLS infrastructure rather than just CI/CD pipeline resources.
Affected Systems and Versions
The vulnerability affects all deployments of the OpenShift Pipelines Operator (tektoncd/operator) that ship the tekton-scheduler-rolebinding ClusterRoleBinding. Based on the available information:
- All versions of the OpenShift Pipelines Operator that include the
tekton-scheduler-rolebindingare affected. - The vulnerability is present regardless of whether the Tekton Scheduler feature is enabled or disabled, since the RBAC objects are installed unconditionally.
- Clusters are exploitable when Kueue CRDs (e.g., installed via Red Hat OpenShift AI) or cert-manager are also present on the cluster.
- As of 2026-06-04, Red Hat lists no fixed packages. The Bugzilla entry shows no target milestone or fix version assigned, and the bug status remains NEW.
- The most recent OpenShift Pipelines security advisory, RHSA-2026:21932, addresses CVE-2026-33186, CVE-2026-33211, and CVE-2026-34986 but does not include CVE-2026-10840.
Recommended Workarounds
Since no official patch exists, administrators should consider the following actions (derived from Kubernetes RBAC documentation and CWE-732 mitigation guidance, not from Red Hat's official advisory for this CVE):
- Remove the binding: If the Tekton Scheduler feature is not in use, delete the ClusterRoleBinding with
kubectl delete clusterrolebinding tekton-scheduler-rolebinding. The Bugzilla report confirms this has no functional impact when the feature is disabled. - Scope the binding: If the Tekton Scheduler feature is required, recreate the ClusterRoleBinding with a more restrictive subject (specific ServiceAccounts or a dedicated group) rather than
system:authenticated. - Audit permissions: Use
kubectl auth can-ito verify that authenticated users cannot write to Kueue or cert-manager resources. - Monitor for the official patch: Track the Bugzilla entry and the Red Hat CVE page for updates.
Important caveat: Deleting the ClusterRoleBinding may conflict with operator reconciliation loops. The operator may attempt to recreate the binding. Test any manual RBAC changes in a non-production environment first.
Vendor Security History
The OpenShift Pipelines ecosystem has seen multiple security issues in 2026, indicating this component stack is an area of active security research and discovery:
- CVE-2026-33211: A flaw in the Tekton Pipelines git resolver allowing tenant exploitation, addressed in RHSA-2026:21932.
- CVE-2026-40161: Affecting Tekton Pipelines git resolver versions 1.0.0 to 1.10.0.
- CVE-2026-33186: Another OpenShift Pipelines vulnerability addressed in RHSA-2026:21932.
Red Hat maintains a dedicated Product Security team and operates a PSIRT that follows a structured vulnerability management lifecycle. They regularly publish security advisories (RHSAs) for OpenShift Pipelines. However, the pattern of RBAC and authorization related vulnerabilities in the Tekton operator suggests that the permission model for this component warrants closer scrutiny from both Red Hat and cluster administrators.
References
- NVD Entry for CVE-2026-10840
- Red Hat CVE Page for CVE-2026-10840
- Bugzilla Bug 2484720: tekton-scheduler-rolebinding grants system:authenticated write access
- RHSA-2026:21932 Security Advisory (OpenShift Pipelines)
- CWE-732: Incorrect Permission Assignment for Critical Resource
- tektoncd/operator GitHub Repository
- Tekton Operator Documentation
- Kubernetes RBAC Authorization Documentation
- Red Hat Vulnerability Management and Lifecycle
- CVE-2026-33211 (Related OpenShift Pipelines CVE)
- CVE-2026-40161 (Related Tekton Pipelines CVE)
- CVE-2026-33186 (Related OpenShift Pipelines CVE)



