8.8

CVE-2026-1784

Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

https://access.redhat.com/security/cve/CVE-2026-1784
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2436075
Vendor Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:23246
https://access.redhat.com/errata/RHSA-2026:23241
https://access.redhat.com/errata/RHSA-2026:25045
https://access.redhat.com/errata/RHSA-2026:25182
https://access.redhat.com/errata/RHSA-2026:25194
https://access.redhat.com/errata/RHSA-2026:26543
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1784.json
https://access.redhat.com/errata/RHSA-2026:28893
https://access.redhat.com/errata/RHSA-2026:28964