CVE-2026-4740 - Vulnerability Analysis
Severity: High
CVSS: 8.2
Last Updated: April 7, 2026
Open Cluster Management - Broken Access Control
Overview
Open Cluster Management (OCM), the project underlying Red Hat Advanced Cluster Management (ACM), contains a broken access control vulnerability classified as CWE-295 (improper certificate validation). The hub does not properly validate Kubernetes client certificate renewal requests, so an administrator of one managed cluster can forge a client certificate and escalate privileges across clusters. Exploitation requires administrator privileges on a managed cluster; no user interaction is needed.
Severity & Score
Impact
An attacker who already holds administrator privileges on one managed cluster can use a forged client certificate to escalate privileges across clusters, potentially gaining control of other managed clusters and of the hub cluster itself. The CVSS vector reflects this: the scope is changed (S:C) because the impact crosses the trust boundary of the cluster the attacker started in, and confidentiality, integrity and availability impact are all rated high.
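The class of hub-side check that the CWE-295 classification points at, written here as an added Go example. It is not OCM's code, not the actual fix, and not a reproduction of the flaw. It assumes an OCM-style agent identity convention (CN of the form system:open-cluster-management:&lt;cluster&gt;:&lt;agent&gt;, with O system:open-cluster-management:&lt;cluster&gt;) and a hypothetical ValidateRenewalCSR function; the CSRs it checks are constructed inside the block, not captured from a cluster. The security-relevant point is that the cluster name the check compares against comes from what the hub already knows about the requester, never from the CSR being validated.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// Assumed naming convention for agent identities, modelled on OCM's
// "system:open-cluster-management:<cluster>:<agent>" CN and
// "system:open-cluster-management:<cluster>" O. Assumption, not from the advisory.
const identityPrefix = "system:open-cluster-management:"

// ValidateRenewalCSR (hypothetical) accepts a renewal CSR only if it asks for
// the identity already bound to the submitting cluster. clusterName must come
// from the hub's own knowledge of the requester (e.g. the authenticated
// identity of the existing client certificate), not from the CSR itself.
func ValidateRenewalCSR(csrPEM []byte, clusterName string) error {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return errors.New("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return err
	}
	// Proof of possession of the private key the renewal will be issued for.
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("bad CSR signature: %w", err)
	}
	expectedOrg := identityPrefix + clusterName
	// Exactly one O, and it must be this cluster's own group: a CSR naming
	// another cluster's group, or system:masters, is rejected here.
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != expectedOrg {
		return fmt.Errorf("organization %v does not match %q", csr.Subject.Organization, expectedOrg)
	}
	// The CN must be an agent identity inside the same cluster.
	if !strings.HasPrefix(csr.Subject.CommonName, expectedOrg+":") {
		return fmt.Errorf("common name %q is not an agent of %q", csr.Subject.CommonName, clusterName)
	}
	// A client-certificate renewal has no business carrying SANs that some
	// other authorizer might honour.
	if len(csr.DNSNames)+len(csr.EmailAddresses)+len(csr.IPAddresses)+len(csr.URIs) > 0 {
		return errors.New("client certificate renewal must not carry SANs")
	}
	return nil
}

// NewCSR builds a PEM CSR with the given CN and organizations. It exists only
// to construct sample inputs for this example (constructed data).
func NewCSR(cn string, orgs []string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: cn, Organization: orgs},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

func main() {
	cases := []struct {
		name, cn string
		orgs     []string
	}{
		{"legitimate renewal", identityPrefix + "cluster-a:klusterlet-agent", []string{identityPrefix + "cluster-a"}},
		{"forged: other cluster", identityPrefix + "cluster-b:klusterlet-agent", []string{identityPrefix + "cluster-b"}},
		{"forged: cluster-admin group", "admin", []string{"system:masters"}},
	}
	for _, c := range cases {
		csr, err := NewCSR(c.cn, c.orgs)
		if err != nil {
			panic(err)
		}
		// The hub knows this request arrived under cluster-a's existing identity.
		err = ValidateRenewalCSR(csr, "cluster-a")
		fmt.Printf("%-28s -> %v\n", c.name, err)
	}
}
```

Only the first case is accepted; the other two are the shapes a managed-cluster administrator would submit to move sideways (another cluster's identity) or upward (a hub-admin group), and both fail on the organization comparison before the CN is even examined.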
Mitigation
Update Open Cluster Management (and, for Red Hat Advanced Cluster Management, the ACM distribution that bundles it) to a release that contains the fix; this page does not name the fixed version, so confirm it against the vendor advisory. Until the hub is patched, treat every managed-cluster administrator as a potential hub-level attacker: administrator rights on one managed cluster are the only prerequisite for exploitation, so restrict who holds them and review certificate signing requests on the hub for renewals whose subject does not match the submitting cluster's own agent identity.
References
Social Media Activity (2 posts, identical text)
CVE-2026-4740 - High (8.2) A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certifica... https://www.thehackerwire.com/vulnerability/CVE-2026-4740/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID
- CVE-2026-4740
- Severity
- High
- CVSS Score
- 8.2
- Type
- broken_access_control
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-295 (Improper Certificate Validation)
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Local attack vector, low attack complexity, high privileges required (the managed-cluster administrator role), no user interaction, changed scope, and high confidentiality, integrity and availability impact; these metrics compute to the 8.2 base score listed above.