Description
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
Published: 2026-06-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the spec.path YAML stanza of Route objects in OpenShift Container Platform. Insufficient validation allows attackers to inject arbitrary HAProxy configuration directives. This injection can alter load‑balancing rules or inject commands, enabling remote code execution on the cluster nodes that run the HAProxy process. The primary consequence is a breach of confidentiality, integrity, and availability of the affected services and potentially the underlying host if the injected configuration exploits system privileges.

Affected Systems

The affected product is Red Hat OpenShift Container Platform 4. Specific version information is not provided in the CVE data, so administrators should verify whether their deployment runs the identified component of the cluster ingress operator.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity impact. The EPSS score is not available, but the absence of a KEV listing suggests no confirmed active exploitation in the wild at the time of this analysis. Attackers can exploit the flaw from an external network by creating a malicious Route resource, assuming they have permission to define Routes. The path injection can lead to arbitrary code execution via the HAProxy configuration loaded by the ingress operator.

Generated by OpenCVE AI on June 2, 2026 at 09:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat OpenShift Container Platform 4 update that contains the ingress operator fix.
  • Limit permissions so only trusted administrators can create or modify Route resources.
  • Audit HAProxy configuration and connection logs for unauthorized or anomalous directives after any Route creation.

Generated by OpenCVE AI on June 2, 2026 at 09:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Vendors & Products Redhat openshift Container Platform

Tue, 02 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 02 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
Title Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection
First Time appeared Redhat
Redhat openshift
Weaknesses CWE-15
CPEs cpe:/a:redhat:openshift:4
Vendors & Products Redhat
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Redhat Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-02T12:20:25.547Z

Reserved: 2026-02-02T21:17:24.893Z

Link: CVE-2026-1784

cve-icon Vulnrichment

Updated: 2026-06-02T12:20:18.274Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T09:16:15.683

Modified: 2026-06-02T14:01:54.893

Link: CVE-2026-1784

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T07:12:31Z

Links: CVE-2026-1784 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T14:45:10Z

Weaknesses