CVE-2026-1784

Vulnerability

The Route OpenShift resource, which defines routes to expose pods via HAProxy, contains an insufficiency in the validation of the spec.path YAML stanza. This allows for controlled injection of HAProxy configuration.

Exploitation

An attacker with the ability to create or modify Route resources in an OpenShift cluster could exploit this vulnerability. By crafting a malicious spec.path value, an attacker can inject arbitrary HAProxy configuration, potentially leading to unauthorized access or manipulation of traffic routing.

Impact

Successful exploitation allows an attacker to inject HAProxy configuration, which could lead to various security impacts including information disclosure, denial of service, or potentially remote code execution depending on the injected configuration and the cluster's setup. The scope of the impact is tied to the privileges of the attacker within the OpenShift cluster.

Mitigation

Red Hat has addressed this issue. Please refer to the Red Hat Security Advisory [1] for specific details on affected versions and mitigation steps. A fix is available in updated versions of OpenShift.