ZeroPath at Black Hat USA 2026

OpenShift Cloud Credential Operator CVE-2026-10843: Overview of Account-Wide IAM Over-Privilege in Mint Mode on AWS

A brief summary of CVE-2026-10843, a high severity over-privilege flaw in the OpenShift Cloud Credential Operator's mint mode that grants destructive AWS IAM permissions with account-wide scope rather than restricting them to cluster-owned resources.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-04

OpenShift Cloud Credential Operator CVE-2026-10843: Overview of Account-Wide IAM Over-Privilege in Mint Mode on AWS
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

Every OpenShift cluster running on AWS in the default mint mode has been quietly provisioning IAM credentials with account wide destructive permissions, and a credential compromise in any one of four operators could cascade into S3 bucket deletions, EC2 instance terminations, and DNS record modifications across the entire AWS account. CVE-2026-10843 documents this over privilege flaw in the OpenShift Cloud Credential Operator (CCO), carrying a CVSS score of 7.2 (High) and classified under CWE-250 (Execution with Unnecessary Privileges).

With approximately 6,633 verified companies running Red Hat OpenShift as of 2026 and mint mode being the default credential provisioning strategy on AWS, the exposure surface is substantial. No patch is currently available, and the Bugzilla entry remains in NEW status with no target milestone.

Technical Information

How the Cloud Credential Operator Works in Mint Mode

The Cloud Credential Operator is a Kubernetes controller that watches CredentialsRequest custom resources and provisions cloud provider credentials for OpenShift components. In mint mode, the installer uses an admin level cloud credential to create new IAM users, each scoped to the permissions defined in the corresponding CredentialsRequest manifest.

The vulnerability is in the CredentialsRequest specifications themselves. For four critical OpenShift operators, the IAM policy statementEntries specify destructive AWS actions with Resource: "*". This grants permission against any resource in the AWS account rather than restricting operations to resources owned by the specific OpenShift cluster.

Affected Operators and Over Scoped Actions

OperatorDestructive AWS Actions Granted with Resource: "*"
Image RegistryS3 CreateBucket, DeleteBucket, PutObject, DeleteObject
Machine APIEC2 TerminateInstances, RunInstances
Ingress OperatorRoute53 ChangeResourceRecordSets
EBS CSI DriverEC2 DeleteVolume, DeleteSnapshot

Each of these operators receives its own IAM user with credentials stored as a Kubernetes Secret. The permissions are intended to support the operator's function within the cluster, but because the resource field is wildcarded, the credentials work against any matching resource in the account.

Attack Flow

The Bugzilla description identifies three credential compromise pathways:

1. Pod Compromise: An attacker who gains execution access inside a pod that mounts the operator's Kubernetes Secret (containing AWS access keys) can extract the credentials. The operator pods in namespaces like openshift-image-registry, openshift-machine-api, openshift-ingress-operator, and openshift-cluster-csi-drivers all mount Secrets containing these IAM credentials.

2. RBAC Escalation: A user or service account with sufficient Kubernetes RBAC permissions to read Secrets in the relevant namespace can retrieve the AWS access keys directly via kubectl get secret.

3. Secret Read Access: Any process or user with get or list permissions on the Secret resources referenced by the CredentialsRequest objects can extract the provisioned IAM credentials.

Once credentials are obtained, no additional vulnerability is required. The attacker calls the AWS API directly using the compromised credentials. Because the IAM policies specify Resource: "*", AWS enforces no restriction on which resources the actions target. An attacker with the Image Registry credentials, for example, can delete any S3 bucket in the account, not just the one used by the cluster's image registry. An attacker with Machine API credentials can terminate any EC2 instance in the account.

The Architectural Paradox

This vulnerability highlights a design tension worth understanding. Mint mode was introduced as the "recommended best practice" specifically because it creates per component credentials rather than sharing a single admin credential across all operators. The intent was to improve least privilege compliance through granularity. However, the implementation failed to restrict the Resource field in the IAM policies to cluster specific ARNs. The result is a worst of both worlds outcome: the operational simplicity of automation paired with the blast radius of account wide permissions.

CWE-250 Classification

CWE-250 (Execution with Unnecessary Privileges) describes software operating at a higher privilege level than required. MITRE rates the likelihood of exploit as medium. It is a child of CWE-269 (Improper Privilege Management) and CWE-657 (Violation of Secure Design Principles). The OWASP term "Excessive Agency" was adopted in the 2025 LLM Top Ten, reflecting growing recognition of over permissioned service accounts as a systemic cloud security risk.

Affected Systems and Versions

All versions of OpenShift Container Platform running on AWS with the Cloud Credential Operator configured in mint mode (the default) are affected. The four affected components are:

  • Image Registry Operator (CredentialsRequest for S3 access)
  • Machine API Operator (CredentialsRequest for EC2 access)
  • Ingress Operator (CredentialsRequest for Route53 access)
  • EBS CSI Driver Operator (CredentialsRequest for EBS volume access)

Deployments using manual mode, passthrough mode, or short lived token (OIDC) mode for the CCO are not affected by this specific vulnerability, as those modes do not auto provision IAM credentials from the over scoped CredentialsRequest manifests.

No fixed version has been identified. The Bugzilla entry (bug 2484738) remains in NEW status with no target milestone as of 2026-06-04.

Mitigation

Switch CCO Operating Mode

CCO ModeCredential HandlingTrade off
Mint Mode (default, vulnerable)CCO auto creates IAM users per CredentialsRequest with policy from manifestIAM policies are over scoped (this CVE)
Manual ModeAdministrator manually creates credentials in AWS and corresponding Kubernetes SecretsMost restrictive; no admin credentials stored in cluster; requires manual effort for installation and upgrades
Passthrough ModeSingle credential with sufficient permissions shared with all componentsBroader permissions per component; requires manual permission maintenance during upgrades

Manual mode provides the tightest control. Administrators can create IAM policies with resource ARNs restricted to cluster specific resources (e.g., specific S3 bucket ARNs, EC2 instance tags) rather than Resource: "*".

Short lived tokens with OIDC represent a longer term architectural improvement. The CCO supports an OpenID Connect Identity Provider flow where components assume a cloud role for temporary credentials. This avoids storing long lived credentials in the cluster and rotates them periodically, reducing the window for credential theft.

Applying CWE-250 Mitigations

MITRE's recommended mitigations for CWE-250 map directly to this scenario:

  • Environment Hardening: Run each operator with the lowest necessary privileges by scoping IAM policies to specific resource ARNs.
  • Separation of Privilege: Isolate credential access so that compromise of one operator's credentials cannot affect resources outside that operator's scope.
  • Attack Surface Reduction: Explicitly allow only the actions and resources each operator needs, denying all others by default.

Monitor for Official Patch

No RHSA or patched version has been published. The Bugzilla entry shows no fixed version and no target milestone. Organizations should monitor the Red Hat security advisory page for CVE-2026-10843 and apply the official fix when it becomes available.

Vendor Security History

Red Hat maintains a structured vulnerability management lifecycle with defined support periods for security fixes across all products. The company regularly publishes RHSAs for OpenShift Container Platform, including recent advisories such as RHSA-2026:20089 for OpenShift 4.16 and RHSA-2026:3782 for OpenShift AI 2.25.3.

Previous notable OpenShift security issues include CVE-2025-10725, a privilege escalation vulnerability in Red Hat OpenShift AI Service, and the historically significant CVE-2018-1002105, which allowed users to gain elevated privileges via the Kubernetes API server. Red Hat's security response process involves coordinated disclosure through [email protected], which is the listed source for CVE-2026-10843.

The tension between mint mode being the "recommended best practice" while simultaneously being the source of this over privilege vulnerability underscores a broader challenge in cloud native security: automation that improves one dimension of security (credential isolation) can degrade another (scope restriction) when the implementation does not fully enforce least privilege at every layer.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization