CVE-2026-54100

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 (affected versions not specified)

Description A flaw exists in the Windows Machine Config Operator (WMCO) where SSH connections to Windows worker nodes are established without verifying the remote server host key. An adjacent-network attacker capable of intercepting or redirecting the SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, which allows for the compromise of Windows node identities within the cluster.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.