OpenShift Route Path YAML Injection Enables HAProxy Config Manipulation
CVE-2026-1784 Published on June 2, 2026

Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection
The OpenShift Route resource lets users define routes that make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were insufficient and could allow controlled injection into the HAProxy configuration.

NVD

Vulnerability Analysis

CVE-2026-1784 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Timeline

Reported to Red Hat.

Made public 120 days later.

Weakness Type

External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service or cause an application to behave in unexpected and potentially malicious ways.


Products Associated with CVE-2026-1784


Affected Versions

Red Hat OpenShift Container Platform 4: