CVE-2026-14251
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/07/2026
Last modified:
15/07/2026
Description
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collision, resulting in a denial of service.
Impact
Base Score 3.x
7.70
Severity 3.x
HIGH



