ZeroPath at Black Hat USA 2026

Brief Summary: CVE-2026-10840 OpenShift Pipelines RBAC Misconfiguration Grants Any Authenticated User Cluster Wide Write Access

A short review of CVE-2026-10840, a critical RBAC misconfiguration in the OpenShift Pipelines Operator that grants every authenticated cluster user write access to Kueue and cert-manager custom resources, enabling workload disruption and TLS certificate overwrite via a confused deputy attack.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-04

Brief Summary: CVE-2026-10840 OpenShift Pipelines RBAC Misconfiguration Grants Any Authenticated User Cluster Wide Write Access
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

An RBAC misconfiguration shipped by the OpenShift Pipelines Operator silently grants every authenticated cluster user write access to Kueue scheduling resources and cert-manager certificate objects, opening the door to cross-tenant workload disruption and TLS certificate hijacking on any affected OpenShift cluster. With a CVSS score of 9.6 and no patch available at the time of disclosure, this vulnerability affects every OpenShift Pipelines deployment regardless of whether the Tekton Scheduler feature is actually enabled.

Red Hat OpenShift Pipelines is a cloud-native CI/CD solution based on Kubernetes, powered by the Tektoncd project. The underlying tektoncd/operator manages TektonCD Pipelines, Dashboard, Triggers, and related components. As of 2026, 6,633 verified companies use Red Hat OpenShift, and the container management market exceeds $2.5 billion annually, making the blast radius of this vulnerability significant across enterprise environments.

Technical Information

Root Cause: Overly Permissive ClusterRoleBinding

CVE-2026-10840 is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), which MITRE defines as occurring when "the product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors." CWE-732 is mapped to attack patterns CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs) and CAPEC-122 (Privilege Abuse), both describing the core mechanics at play here.

The OpenShift Pipelines Operator ships a ClusterRoleBinding named tekton-scheduler-rolebinding that binds ClusterRole/tekton-scheduler-role to the system:authenticated group. In Kubernetes and OpenShift, the system:authenticated group includes every user, service account, and application pod that has successfully authenticated to the API server. This means any developer, CI/CD pipeline, or compromised pod with valid credentials inherits the following cluster-wide permissions:

Resource GroupResourcesPermissions Granted
kueue.x-k8s.ioResourceFlavor, Workload, WorkloadPriorityClasscreate, update, patch, delete
cert-manager.ioCertificate, Issuercreate, update

A critical detail from the Bugzilla report: the RBAC objects are installed unconditionally even when the Tekton Scheduler feature is disabled. Organizations that deployed the OpenShift Pipelines Operator but never enabled the Tekton Scheduler feature are still fully exposed.

Attack Vector 1: Kueue Workload Scheduling Disruption

When Kueue CRDs are present on the cluster (for example, installed via Red Hat OpenShift AI), any authenticated user can exploit the granted permissions to disrupt cross-tenant workload scheduling. The specific attacks include:

  1. Deleting ResourceFlavor objects: ResourceFlavors define the resource quotas available to tenants. Removing them causes scheduled workloads to fail or become unschedulable.
  2. Destroying other tenants' Workload objects: An attacker can directly delete queued or running batch jobs belonging to other users or teams.
  3. Tampering with WorkloadPriorityClass objects: Altering scheduling priorities allows an attacker to favor their own workloads or deprioritize others.

These operations can be performed with standard kubectl commands. No elevated privileges, social engineering, or specialized tooling are needed. The attack undermines the core multi-tenancy isolation that Kueue provides for batch scheduling in shared clusters.

Attack Vector 2: cert-manager Confused Deputy Attack

When cert-manager is installed on the cluster, any authenticated user can create Certificate objects targeting arbitrary Secrets. The Bugzilla report specifically describes how an attacker can target the default ingress controller's TLS Secret (openshift-ingress/router-certs-default), causing cert-manager to overwrite it with an attacker-influenced certificate.

This is a textbook confused deputy attack. The attacker cannot write Secrets directly, but leverages cert-manager's ServiceAccount to do so, crossing authorization boundaries. The consequences include:

  1. TLS certificate hijacking: Overwriting the cluster's default ingress TLS certificate with one controlled by the attacker enables interception of HTTPS traffic to any route on the cluster.
  2. Certificate issuance pipeline manipulation: Creating or modifying Issuer objects gives the attacker control over how certificates are issued.

The confused deputy pattern makes this attack particularly insidious because standard RBAC auditing might not immediately flag it. The attacker never directly writes to the targeted Secrets; they instruct cert-manager to do it on their behalf.

Exploitation Prerequisites

The attack requires only authenticated access to the OpenShift API server, which is the baseline level of access for any cluster user. Exploitation can be performed with standard kubectl commands against the Kubernetes API. The network-based attack vector, low attack complexity, and high impact across confidentiality, integrity, and availability are reflected in the CVSS 9.6 critical rating.

Why This Matters for Multi-Tenant Clusters

Organizations running both Kueue and cert-manager alongside OpenShift Pipelines face compounded risk, as both attack vectors become simultaneously available. Compared to other 2026 OpenShift Pipelines CVEs (CVE-2026-33211, CVE-2026-34986), CVE-2026-10840 stands out for its cluster-wide blast radius rather than being confined to a single namespace or tenant, and for its ability to compromise TLS infrastructure rather than just CI/CD pipeline resources.

Affected Systems and Versions

The vulnerability affects all deployments of the OpenShift Pipelines Operator (tektoncd/operator) that ship the tekton-scheduler-rolebinding ClusterRoleBinding. Based on the available information:

  • All versions of the OpenShift Pipelines Operator that include the tekton-scheduler-rolebinding are affected.
  • The vulnerability is present regardless of whether the Tekton Scheduler feature is enabled or disabled, since the RBAC objects are installed unconditionally.
  • Clusters are exploitable when Kueue CRDs (e.g., installed via Red Hat OpenShift AI) or cert-manager are also present on the cluster.
  • As of 2026-06-04, Red Hat lists no fixed packages. The Bugzilla entry shows no target milestone or fix version assigned, and the bug status remains NEW.
  • The most recent OpenShift Pipelines security advisory, RHSA-2026:21932, addresses CVE-2026-33186, CVE-2026-33211, and CVE-2026-34986 but does not include CVE-2026-10840.

Since no official patch exists, administrators should consider the following actions (derived from Kubernetes RBAC documentation and CWE-732 mitigation guidance, not from Red Hat's official advisory for this CVE):

  1. Remove the binding: If the Tekton Scheduler feature is not in use, delete the ClusterRoleBinding with kubectl delete clusterrolebinding tekton-scheduler-rolebinding. The Bugzilla report confirms this has no functional impact when the feature is disabled.
  2. Scope the binding: If the Tekton Scheduler feature is required, recreate the ClusterRoleBinding with a more restrictive subject (specific ServiceAccounts or a dedicated group) rather than system:authenticated.
  3. Audit permissions: Use kubectl auth can-i to verify that authenticated users cannot write to Kueue or cert-manager resources.
  4. Monitor for the official patch: Track the Bugzilla entry and the Red Hat CVE page for updates.

Important caveat: Deleting the ClusterRoleBinding may conflict with operator reconciliation loops. The operator may attempt to recreate the binding. Test any manual RBAC changes in a non-production environment first.

Vendor Security History

The OpenShift Pipelines ecosystem has seen multiple security issues in 2026, indicating this component stack is an area of active security research and discovery:

  • CVE-2026-33211: A flaw in the Tekton Pipelines git resolver allowing tenant exploitation, addressed in RHSA-2026:21932.
  • CVE-2026-40161: Affecting Tekton Pipelines git resolver versions 1.0.0 to 1.10.0.
  • CVE-2026-33186: Another OpenShift Pipelines vulnerability addressed in RHSA-2026:21932.

Red Hat maintains a dedicated Product Security team and operates a PSIRT that follows a structured vulnerability management lifecycle. They regularly publish security advisories (RHSAs) for OpenShift Pipelines. However, the pattern of RBAC and authorization related vulnerabilities in the Tekton operator suggests that the permission model for this component warrants closer scrutiny from both Red Hat and cluster administrators.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization