MEDIUM
metal3-io
CVE published 2026-06-12
CVE-2026-47190
CVE-2026-47190 is a vulnerability in IPAM, the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted excessive CRUD (create, delete, get, list, patch, update, watch) permissions on core/v1 Secrets. These excessive permissions could allow an attacker to read, modify, or delete Secrets in the namespace if the controller pod were compromised, potentially exposing crede [truncated]