Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without...

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges.

Basic Information

ID CVE-2026-10609

Source redhat

Published Jun 23, 2026 at 13:26

Modified Jun 23, 2026 at 13:58

Affected Product

Vendor Red Hat

Product Logging Subsystem for Red Hat OpenShift

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges.",
    "published": "2026-06-23T13:26:43.454Z",
    "modified": "2026-06-23T13:58:28.816Z",
    "type": "cve",
    "title": "Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-10609\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2483943",
    "id": "CVE-2026-10609",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Logging Subsystem for Red Hat OpenShift",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization_CVE-2026-10609