CVE-2026-7163: Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub.
The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.
The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.
This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.
Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.
Security readout for executives and security teams
Plain-English summary
In affected on-premises Red Hat MCE or ACM deployments, a low-privileged authenticated user may be able to retrieve administrative OpenShift credentials for clusters managed through the hub. The hosted console.redhat.com service is stated as not affected. Business impact is high where shared hub access exists because compromise can become root-level control of spoke clusters.
Executive priority
Treat as urgent for on-premises hub environments with multiple users or tenants. The CVSS is medium, but credential disclosure can give administrative control of spoke clusters. Hosted Red Hat SaaS exposure is not indicated by the provided sources.
Technical view
The assisted-service REST API exposes credentials and kubeconfig download endpoints in AUTH_TYPE=local mode. The local authenticator grants full administrative access to any valid JWT, and a local JWT appears in plaintext in InfraEnvStatus.ISODownloadURL. Users with get access to an InfraEnv in their namespace can potentially obtain kubeadmin credentials for arbitrary provisioned clusters.
Likely exposure
On-premises ACM/MCE hubs using assisted-service in local authentication mode are the exposure focus. Affected products listed include Red Hat multicluster engine for Kubernetes 2.7, 2.9, 2.10, and 2.11 package builds. Hosted SaaS console.redhat.com is stated as unaffected.
Exploitation context
The bundle does not indicate CISA KEV listing or active exploitation. Exploitation requires an authenticated user with minimal namespace-scoped access and readable InfraEnv data. The outcome is credential disclosure, not code execution, but disclosed kubeadmin credentials can grant unrestricted administrative control of managed OpenShift clusters.
Researcher notes
Key issue is authorization failure around local JWT trust and credential download endpoints. The source bundle identifies CWE-312 and CVSS 6.1. Evidence is strong for affected Red Hat MCE/ACM on-premises deployments, but the bundle does not provide exploit-in-the-wild evidence or exact fixed version details.
Mitigation direction
Review Red Hat CVE guidance and the applicable RHSA advisories for fixed package guidance.
Prioritize updates for affected MCE or ACM hubs that manage production clusters.
Restrict get access to InfraEnv objects to users who genuinely need it.
Audit hub users and namespace-scoped roles that can read InfraEnv resources.
After remediation, assess whether exposed cluster admin credentials require rotation.
Validation and detection
Inventory ACM/MCE hub deployments and confirm whether assisted-service is installed.
Check whether the deployment is on-premises and using AUTH_TYPE=local mode.
Compare installed MCE versions and package builds against the affected list.
Review RBAC for users who can get InfraEnv objects in namespaces.
Verify remediation status against Red Hat RHSA and CVE records.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-312: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-312 · source CWE mapping
Cleartext Storage of Sensitive Information
Cleartext Storage of Sensitive Information represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.