CVE Catalog

CVE-2026-42965

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile - higher than 13% of all known CVEs

Summary

A flaw in OpenShift Router allows a user with EndpointSlice write access to create a Service backed by an FQDN EndpointSlice that resolves to a cloud metadata endpoint. The router then proxies requests to this endpoint, leading to disclosure of instance credentials and other sensitive metadata. This bypasses previous IP address validation security measures.

Risk Assessment

The organization is at risk of leaking cloud instance credentials and other sensitive metadata, potentially enabling an attacker to escalate privileges and access cloud resources.

Recommendation

Immediately update OpenShift Router to a patched version and restrict EndpointSlice write permissions to trusted entities only.

Original NVD description (English source)

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS