Introduction
Every OpenShift cluster running on AWS in the default mint mode has been quietly provisioning IAM credentials with account wide destructive permissions, and a credential compromise in any one of four operators could cascade into S3 bucket deletions, EC2 instance terminations, and DNS record modifications across the entire AWS account. CVE-2026-10843 documents this over privilege flaw in the OpenShift Cloud Credential Operator (CCO), carrying a CVSS score of 7.2 (High) and classified under CWE-250 (Execution with Unnecessary Privileges).
With approximately 6,633 verified companies running Red Hat OpenShift as of 2026 and mint mode being the default credential provisioning strategy on AWS, the exposure surface is substantial. No patch is currently available, and the Bugzilla entry remains in NEW status with no target milestone.
Technical Information
How the Cloud Credential Operator Works in Mint Mode
The Cloud Credential Operator is a Kubernetes controller that watches CredentialsRequest custom resources and provisions cloud provider credentials for OpenShift components. In mint mode, the installer uses an admin level cloud credential to create new IAM users, each scoped to the permissions defined in the corresponding CredentialsRequest manifest.
The vulnerability is in the CredentialsRequest specifications themselves. For four critical OpenShift operators, the IAM policy statementEntries specify destructive AWS actions with Resource: "*". This grants permission against any resource in the AWS account rather than restricting operations to resources owned by the specific OpenShift cluster.
Affected Operators and Over Scoped Actions
| Operator | Destructive AWS Actions Granted with Resource: "*" |
|---|---|
| Image Registry | S3 CreateBucket, DeleteBucket, PutObject, DeleteObject |
| Machine API | EC2 TerminateInstances, RunInstances |
| Ingress Operator | Route53 ChangeResourceRecordSets |
| EBS CSI Driver | EC2 DeleteVolume, DeleteSnapshot |
Each of these operators receives its own IAM user with credentials stored as a Kubernetes Secret. The permissions are intended to support the operator's function within the cluster, but because the resource field is wildcarded, the credentials work against any matching resource in the account.
Attack Flow
The Bugzilla description identifies three credential compromise pathways:
1. Pod Compromise: An attacker who gains execution access inside a pod that mounts the operator's Kubernetes Secret (containing AWS access keys) can extract the credentials. The operator pods in namespaces like openshift-image-registry, openshift-machine-api, openshift-ingress-operator, and openshift-cluster-csi-drivers all mount Secrets containing these IAM credentials.
2. RBAC Escalation: A user or service account with sufficient Kubernetes RBAC permissions to read Secrets in the relevant namespace can retrieve the AWS access keys directly via kubectl get secret.
3. Secret Read Access: Any process or user with get or list permissions on the Secret resources referenced by the CredentialsRequest objects can extract the provisioned IAM credentials.
Once credentials are obtained, no additional vulnerability is required. The attacker calls the AWS API directly using the compromised credentials. Because the IAM policies specify Resource: "*", AWS enforces no restriction on which resources the actions target. An attacker with the Image Registry credentials, for example, can delete any S3 bucket in the account, not just the one used by the cluster's image registry. An attacker with Machine API credentials can terminate any EC2 instance in the account.
The Architectural Paradox
This vulnerability highlights a design tension worth understanding. Mint mode was introduced as the "recommended best practice" specifically because it creates per component credentials rather than sharing a single admin credential across all operators. The intent was to improve least privilege compliance through granularity. However, the implementation failed to restrict the Resource field in the IAM policies to cluster specific ARNs. The result is a worst of both worlds outcome: the operational simplicity of automation paired with the blast radius of account wide permissions.
CWE-250 Classification
CWE-250 (Execution with Unnecessary Privileges) describes software operating at a higher privilege level than required. MITRE rates the likelihood of exploit as medium. It is a child of CWE-269 (Improper Privilege Management) and CWE-657 (Violation of Secure Design Principles). The OWASP term "Excessive Agency" was adopted in the 2025 LLM Top Ten, reflecting growing recognition of over permissioned service accounts as a systemic cloud security risk.
Affected Systems and Versions
All versions of OpenShift Container Platform running on AWS with the Cloud Credential Operator configured in mint mode (the default) are affected. The four affected components are:
- Image Registry Operator (CredentialsRequest for S3 access)
- Machine API Operator (CredentialsRequest for EC2 access)
- Ingress Operator (CredentialsRequest for Route53 access)
- EBS CSI Driver Operator (CredentialsRequest for EBS volume access)
Deployments using manual mode, passthrough mode, or short lived token (OIDC) mode for the CCO are not affected by this specific vulnerability, as those modes do not auto provision IAM credentials from the over scoped CredentialsRequest manifests.
No fixed version has been identified. The Bugzilla entry (bug 2484738) remains in NEW status with no target milestone as of 2026-06-04.
Mitigation
Switch CCO Operating Mode
| CCO Mode | Credential Handling | Trade off |
|---|---|---|
| Mint Mode (default, vulnerable) | CCO auto creates IAM users per CredentialsRequest with policy from manifest | IAM policies are over scoped (this CVE) |
| Manual Mode | Administrator manually creates credentials in AWS and corresponding Kubernetes Secrets | Most restrictive; no admin credentials stored in cluster; requires manual effort for installation and upgrades |
| Passthrough Mode | Single credential with sufficient permissions shared with all components | Broader permissions per component; requires manual permission maintenance during upgrades |
Manual mode provides the tightest control. Administrators can create IAM policies with resource ARNs restricted to cluster specific resources (e.g., specific S3 bucket ARNs, EC2 instance tags) rather than Resource: "*".
Short lived tokens with OIDC represent a longer term architectural improvement. The CCO supports an OpenID Connect Identity Provider flow where components assume a cloud role for temporary credentials. This avoids storing long lived credentials in the cluster and rotates them periodically, reducing the window for credential theft.
Applying CWE-250 Mitigations
MITRE's recommended mitigations for CWE-250 map directly to this scenario:
- Environment Hardening: Run each operator with the lowest necessary privileges by scoping IAM policies to specific resource ARNs.
- Separation of Privilege: Isolate credential access so that compromise of one operator's credentials cannot affect resources outside that operator's scope.
- Attack Surface Reduction: Explicitly allow only the actions and resources each operator needs, denying all others by default.
Monitor for Official Patch
No RHSA or patched version has been published. The Bugzilla entry shows no fixed version and no target milestone. Organizations should monitor the Red Hat security advisory page for CVE-2026-10843 and apply the official fix when it becomes available.
Vendor Security History
Red Hat maintains a structured vulnerability management lifecycle with defined support periods for security fixes across all products. The company regularly publishes RHSAs for OpenShift Container Platform, including recent advisories such as RHSA-2026:20089 for OpenShift 4.16 and RHSA-2026:3782 for OpenShift AI 2.25.3.
Previous notable OpenShift security issues include CVE-2025-10725, a privilege escalation vulnerability in Red Hat OpenShift AI Service, and the historically significant CVE-2018-1002105, which allowed users to gain elevated privileges via the Kubernetes API server. Red Hat's security response process involves coordinated disclosure through [email protected], which is the listed source for CVE-2026-10843.
The tension between mint mode being the "recommended best practice" while simultaneously being the source of this over privilege vulnerability underscores a broader challenge in cloud native security: automation that improves one dimension of security (credential isolation) can degrade another (scope restriction) when the implementation does not fully enforce least privilege at every layer.
References
- CVE-2026-10843 NVD Entry
- Red Hat Bugzilla Bug 2484738
- OpenShift Cloud Credential Operator GitHub Repository
- OKD Documentation: The Cloud Credential Operator in Mint Mode
- OpenShift 4.16 Managing Cloud Provider Credentials
- OpenShift 4.10 Managing Cloud Provider Credentials
- CWE-250: Execution with Unnecessary Privileges
- CWE-269: Improper Privilege Management
- Red Hat Vulnerability Management and Lifecycle
- Red Hat Security Updates Portal
- Companies Using Red Hat OpenShift in 2026 (Landbase)
- Proofpoint: 2026 Vulnerability Exploitation in the Wild
- Penligent: CVE 2026 Vulnerabilities That Matter Most
- CVE-2025-10725: Red Hat OpenShift AI Privilege Escalation
- RHSA-2026:20089 Security Advisory
- RHSA-2026:3782 Security Advisory
- OpenShift Container Platform CVEs (OpenCVE)



