PT-2026-51518 · Red Hat · Logging Subsystem For Red Hat Openshift
Published: 2026-06-23 · Updated: 2026-06-23 · CVE-2026-10609
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Logging Subsystem For Red Hat Openshift