CVE-2026-1784
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A vulnerability in the Route resource of OpenShift allows uncontrolled modification of HAProxy configuration due to insufficient validation of the spec.path field in a Route document. An attacker can inject malicious configuration, leading to network traffic hijacking.
Risk Assessment
The organization is at risk of traffic interception or redirection to vulnerable subdomains, potentially resulting in data leakage or service integrity compromise.
Recommendation
Immediately update OpenShift to a patched version and implement additional validation mechanisms for Route definitions, such as security policy rules.
Original NVD description (English source)
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

