CVE Catalog

CVE-2026-46579

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

A flaw in OpenShift Router allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers when a Route has `insecureEdgeTerminationPolicy` set to Allow, bypassing mutual TLS authentication and impersonating client certificate identities.

Risk Assessment

The risk is that an unauthenticated attacker can bypass mutual TLS authentication mechanisms, potentially gaining unauthorized access to backends and compromising communication integrity.

Recommendation

Immediately update OpenShift Router to a patched version and, if possible, change Route configurations from `insecureEdgeTerminationPolicy` Allow to Redirect or Remove to prevent forwarding `X-SSL-Client-*` headers over insecure connections.

Original NVD description (English source)

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS