{"api_version":"1","generated_at":"2026-04-17T09:18:41+00:00","cve":"CVE-2026-4740","urls":{"html":"https://cve.report/CVE-2026-4740","api":"https://cve.report/api/cve/CVE-2026-4740.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-4740","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-4740"},"summary":{"title":"Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation","description":"A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-04-07 15:17:46","updated_at":"2026-04-08 21:27:00"},"problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Primary","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450590","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2450590","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://blog.arfevrier.fr/open-cluster-management-cross-cluster-escape/","name":"https://blog.arfevrier.fr/open-cluster-management-cross-cluster-escape/","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4740","name":"https://access.redhat.com/security/cve/CVE-2026-4740","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-4740","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4740","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-03-24T03:18:24.150Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-04-07T14:00:35.240Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Arnaud FEVRIER (Orange) for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"4740","cve":"CVE-2026-4740","epss":"0.000080000","percentile":"0.007000000","score_date":"2026-04-13","updated_at":"2026-04-14 00:12:05"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:multicluster_engine"],"defaultStatus":"affected","packageName":"multicluster-engine/registration-operator-rhel9","product":"Multicluster Engine for Kubernetes","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:multicluster_engine"],"defaultStatus":"affected","packageName":"multicluster-engine/registration-rhel9","product":"Multicluster Engine for Kubernetes","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Arnaud FEVRIER (Orange) for reporting this issue."}],"datePublic":"2026-04-07T14:00:35.240Z","descriptions":[{"lang":"en","value":"A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-07T14:30:36.396Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-4740"},{"url":"https://blog.arfevrier.fr/open-cluster-management-cross-cluster-escape/"},{"name":"RHBZ#2450590","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450590"}],"timeline":[{"lang":"en","time":"2026-03-24T03:18:24.150Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-07T14:00:35.240Z","value":"Made public."}],"title":"Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-295: Improper Certificate Validation"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-4740","datePublished":"2026-04-07T14:30:36.396Z","dateReserved":"2026-03-24T03:19:46.998Z","dateUpdated":"2026-04-07T14:30:36.396Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-07 15:17:46","lastModifiedDate":"2026-04-08 21:27:00","problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"4740","Ordinal":"1","Title":"Rhacm: open cluster management (ocm): cross-cluster privilege es","CVE":"CVE-2026-4740","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"4740","Ordinal":"1","NoteData":"A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster.","Type":"Description","Title":"Rhacm: open cluster management (ocm): cross-cluster privilege es"}]}}}