Vulnerability in Red Hat Multicluster Engine For Kubernetes 2.1
CVE-2026-7163
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative…
EPSS: 0.000 (0.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N.
Affected products
- Red Hat Multicluster Engine For Kubernetes 2.1 — versions 1776983527
- Red Hat Multicluster Engine For Kubernetes 2.10 — versions 1776983527
- Red Hat Multicluster Engine For Kubernetes 2.11 — versions 1776987609
- Red Hat Multicluster Engine For Kubernetes 2.7 — versions 1777205801, 1777205772
- Red Hat Multicluster Engine For Kubernetes 2.9 — versions 1778464111, 1778464072
- Redhat Multicluster_engine_for_kubernetes — versions 2.1, 2.7
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2026-7163?
- CVE-2026-7163 is a medium-severity vulnerability in Red Hat Multicluster Engine For Kubernetes 2.1, classified under Cleartext Storage of Sensitive Information. CVSS score: 6.1/10. Published 2026-04-30.
- How severe is CVE-2026-7163?
- Medium severity. CVSS v3 base score is 6.1 out of 10.