CVE-2026-1784

CVE Database · CVE-2026-1784

CVE-2026-1784

· HIGHModified

CVSS v3.1

8.8

EPSS

0.14%

Published

Jun 2, 2026

Modified

Jun 11, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-15

Affected Products (1)

redhat · openshift_container_platformvulnerable

References (4)

https://access.redhat.com/errata/RHSA-2026:23241

https://access.redhat.com/errata/RHSA-2026:23246

https://access.redhat.com/security/cve/CVE-2026-1784

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2436075

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs