Arnaud Fevrier

Researcher from Orange
#31254 of 53,635
8.2 Total CVSS
Vulnerabilities · 1
PT-2026-30871
8.2
2026-04-07
Unknown · Open Cluster Management · CVE-2026-4740
Name of the Vulnerable Software and Affected Versions
Open Cluster Management (OCM) (affected versions not specified)

Description
A flaw exists due to improper validation of Kubernetes client certificate renewal. This allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller, potentially leading to cross-cluster privilege escalation and control over other managed clusters, including the hub cluster.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.