ByteOS Network

NVD Vulnerability Details :

CVE-2026-1784

Modified

Source-secalert@redhat.com

Published At-02 Jun, 2026 | 09:16

Updated At-10 Jun, 2026 | 10:16

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CPE Matches

Red Hat, Inc.

>>openshift_container_platform>>4.0

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-15	Secondary	secalert@redhat.com

CWE ID: CWE-15

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2026:23246	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/CVE-2026-1784	secalert@redhat.com	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2436075	secalert@redhat.com	Issue Tracking Vendor Advisory

Hyperlink: https://access.redhat.com/errata/RHSA-2026:23246

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2026-1784

Source: secalert@redhat.com

Resource:

Vendor Advisory

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2436075

Source: secalert@redhat.com

Resource:

Issue Tracking

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History