CVE-2026-54100
Analyzed Analyzed - Analysis Complete

SSH Host Key Verification Bypass in Red Hat OpenShift WMCO

Vulnerability report for CVE-2026-54100, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-07-08

Assigner: Red Hat, Inc.

Description

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-07-08
Generated
2026-07-13
AI Q&A
2026-06-22
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
redhat openshift_container_platform From 4.0 (inc) to 4.22.1 (inc)
redhat windows_machine_config_operator *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used in Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes but does not verify the remote server's host key. This means that an attacker on the adjacent network can intercept or redirect these SSH sessions.

By exploiting this flaw, the attacker can capture sensitive credentials, specifically WICD and kubelet bootstrap credentials, which are transferred during the node configuration process. This enables the attacker to compromise the identities of Windows nodes within the cluster.

Impact Analysis

This vulnerability can have serious impacts by allowing an attacker on the same network to intercept SSH sessions between WMCO and Windows worker nodes. The attacker can steal critical credentials used for node configuration.

With these stolen credentials, the attacker can impersonate Windows nodes in the cluster, potentially gaining unauthorized access and control over those nodes. This can lead to compromise of the cluster's integrity, confidentiality, and availability.

Mitigation Strategies

The vulnerability arises because WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key, allowing interception and credential theft.

To mitigate this vulnerability immediately, ensure that SSH connections from WMCO verify the remote server's host key to prevent man-in-the-middle attacks.

Since the issue is under review by Red Hat Product Security, monitor official Red Hat advisories for patches or updates that address this flaw and apply them as soon as they become available.

Compliance Impact

The vulnerability allows an adjacent-network attacker to intercept or redirect SSH sessions and capture sensitive credentials used during node configuration. This exposure of sensitive information could lead to unauthorized access and compromise of Windows node identities within the cluster.

Such unauthorized access and potential data compromise may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure authentication mechanisms to prevent unauthorized disclosure and access.

Detection Guidance

This vulnerability involves the Windows Machine Config Operator (WMCO) establishing SSH connections to Windows worker nodes without verifying the remote server host key. Detection would involve monitoring SSH sessions initiated by WMCO to check if host key verification is being performed.

Since WMCO does not verify the SSH host key, you can detect this vulnerability by inspecting SSH connection logs or network traffic between WMCO and Windows nodes for absence of host key verification steps.

Suggested commands to help detect this issue include:

  • Check SSH client configuration or logs on the WMCO pod or container to see if StrictHostKeyChecking is disabled or host key verification is skipped.
  • Use network packet capture tools like tcpdump or Wireshark on the network segment between WMCO and Windows nodes to analyze SSH handshake and verify if host key verification messages are missing.
  • Example tcpdump command to capture SSH traffic: tcpdump -i <interface> port 22 -w ssh_capture.pcap
  • Analyze the captured packets with Wireshark to check for SSH host key exchange and verification steps.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54100. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart