PatchSiren cyber security CVE debrief
CVE-2026-10843 Red Hat CVE debrief
CVE-2026-10843 is a HIGH severity vulnerability with a CVSS score of 7.2. The flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise. The CVE was published on [2026-06-04](https://www.cve.org/CVERecord?id=CVE-2026-10843) and last modified on [2026-06-04](https://nvd.nist.gov/vuln/detail/CVE-2026-10843).
- Vendor: Red Hat
- Product: Red Hat OpenShift Container Platform 4
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Anyone running the OpenShift Cloud Credential Operator with Mint-mode IAM policies on AWS should be aware of this vulnerability and take the necessary actions to mitigate the risk.
Technical summary
The OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS provision operator credentials with account-wide scope for destructive actions, rather than restricting them to cluster-owned resources. This enables cross-scope impact after credential compromise.
Defensive priority
HIGH
Recommended defensive actions
- Review and update OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS to restrict operator credentials to cluster-owned resources.
- Monitor and analyze logs for suspicious activity related to credential usage.
- Implement additional security measures to prevent credential compromise.
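One way to carry out the policy review in the first action above, as an added example that is not Red Hat's or the operator's own code: a Python check that flags Allow statements granting destructive actions on `"Resource": "*"` with no resource-tag condition. The verb list, the sample policy and the `example-infra-id` tag key are constructed assumptions; the advisory does not list the affected actions.

```python
import json

# Assumption: verbs treated as "destructive"; the advisory does not enumerate them.
DESTRUCTIVE_VERBS = ("Delete", "Terminate", "Detach", "Deregister", "Revoke", "Remove")

# Constructed sample policy (not taken from the operator or the advisory).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Unscoped", "Effect": "Allow",
     "Action": ["ec2:TerminateInstances", "ec2:DescribeInstances", "s3:Delete*"],
     "Resource": "*"},
    {"Sid": "TagScoped", "Effect": "Allow",
     "Action": "ec2:DeleteVolume", "Resource": "*",
     "Condition": {"StringEquals":
       {"aws:ResourceTag/kubernetes.io/cluster/example-infra-id": "owned"}}},
    {"Sid": "ArnScoped", "Effect": "Allow",
     "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-infra-id-registry/*"}
  ]
}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_destructive(action):
    # "ec2:*" and "*" grant every verb, so they count as destructive too.
    name = action.split(":", 1)[-1]
    return name == "*" or name.startswith(DESTRUCTIVE_VERBS)

def has_resource_tag_condition(stmt):
    # Heuristic: any condition key on a resource tag counts as scoping.
    for keys in stmt.get("Condition", {}).values():
        if any("resourcetag/" in k.lower() for k in keys):
            return True
    return False

def find_unscoped_destructive(policy):
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        wide = any(r == "*" for r in as_list(stmt.get("Resource", [])))
        if not wide or has_resource_tag_condition(stmt):
            continue
        findings.extend((stmt.get("Sid", "<no Sid>"), a) for a in as_list(stmt["Action"]) if is_destructive(a))
    return findings
```

Feed it the JSON policy document attached to each minted operator user; a finding means the statement needs a narrower `Resource` ARN or a tag condition tying it to the cluster.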
Evidence notes
Vendor: Unknown Vendor (confidence: low, needs review).
Official resources
CVE-2026-10843 was published on 2026-06-04T12:16:24.970Z and last modified on 2026-06-04T15:35:18.623Z.