8.8
CVE-2026-1784
- EPSS 0.15%
- Veröffentlicht 02.06.2026 07:22:26
- Zuletzt bearbeitet 02.07.2026 12:16:56
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-15 External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
https://access.redhat.com/security/cve/CVE-2026-1784
https://bugzilla.redhat.com/show_bug.cgi?id=2436075
https://access.redhat.com/errata/RHSA-2026:23246
https://access.redhat.com/errata/RHSA-2026:23241
https://access.redhat.com/errata/RHSA-2026:25045
https://access.redhat.com/errata/RHSA-2026:25182
https://access.redhat.com/errata/RHSA-2026:25194
https://access.redhat.com/errata/RHSA-2026:26543
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1784.json
https://access.redhat.com/errata/RHSA-2026:28893
https://access.redhat.com/errata/RHSA-2026:28964