CVE-2026-1784

Summary

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenShift Container Platform 4.131781123014 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.141781870101 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.151781928857 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.161780962617 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.181780988280 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.191780043338 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.201780990977 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.211780444348 < *unaffected

Weaknesses

  • CWE-15: External Control of System or Configuration Setting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

ose-cluster-ingress-operator: Remote Code Execution Through HAProxy Configuration Injection

Additional References

References