By vendor
Redhat vulnerabilities
Known CVEs affecting Redhat products, prioritized by severity, with SEC.co remediation and detection guidance.
3 published vulnerabilities
- CVE-2026-1784HIGH 8.8
A flaw in OpenShift's Route resource allows users with low-level cluster access to inject malicious HAProxy configuration through the spec.path field. Because validation of this field is insufficient, an attacker can bypass intended restrictions and alter how traffic is routed, potentially redirecting requests or exposing sensitive data. This is a local privilege escalation risk requiring existing cluster access but delivering high-impact consequences.
- CVE-2026-42965HIGH 7.7
OpenShift Router contains a flaw that allows users with EndpointSlice write permissions to redirect traffic through the router to cloud metadata endpoints. By crafting a Service backed by an FQDN-based EndpointSlice pointing to a cloud metadata service, an attacker can intercept and read sensitive instance credentials and metadata that should never be exposed. This circumvents existing IP address validation protections designed to block such access.
- CVE-2026-10533MEDIUM 5.0
A vulnerability in OpenShift Container Platform allows non-privileged users to circumvent resource quota enforcement by creating pods with a never-restart policy. These pods and their associated Kubernetes events are not counted against quota limits, enabling an attacker to flood the cluster's event database (etcd) with activity. The resulting accumulation degrades API server performance across the entire cluster, affecting all users and workloads.