OpenShift Router X-SSL-Client-* Header Bypass via insecureEdgeTerminationPolicy
CVE-2026-46579 Published on May 29, 2026
openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client-* headers on the HTTP frontend
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.
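The frontend behaviour described above, modelled in Python as an added example rather than the OpenShift router's own code: a hardened frontend strips every client-supplied X-SSL-Client-* header before setting its own from the TLS handshake result, shown beside a model of the flawed plain-HTTP path, plus an audit check for Route objects whose `insecureEdgeTerminationPolicy` is `Allow`. The header names `X-SSL-Client-DN` and `X-SSL-Client-Verify` and the `spec.tls` Route layout are assumptions made for this model.

```python
import re
from typing import Dict, Optional

# Matches the X-SSL-Client-* header family; specific names below are assumptions.
CLIENT_CERT_HEADER = re.compile(r"^x-ssl-client-", re.IGNORECASE)


def strip_client_cert_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Drop every client-supplied X-SSL-Client-* header (case-insensitive, as
    HTTP header names are). This must run on every frontend, plain HTTP included."""
    return {k: v for k, v in headers.items() if not CLIENT_CERT_HEADER.match(k)}


def hardened_frontend(headers: Dict[str, str], tls: bool,
                      verified_cert: Optional[Dict[str, str]]) -> Dict[str, str]:
    """Correct behaviour: sanitize first, then set identity headers only from the
    proxy's own TLS handshake result, never from what the client sent."""
    out = strip_client_cert_headers(headers)
    if tls and verified_cert:
        out["X-SSL-Client-Verify"] = "SUCCESS"
        out["X-SSL-Client-DN"] = verified_cert["dn"]
    return out


def flawed_frontend(headers: Dict[str, str], tls: bool,
                    verified_cert: Optional[Dict[str, str]]) -> Dict[str, str]:
    """Model of the flaw: the plain-HTTP frontend forwards headers untouched, so a
    backend trusting X-SSL-Client-* sees whatever identity the client asserted."""
    if not tls:
        return dict(headers)
    return hardened_frontend(headers, tls, verified_cert)


def route_allows_insecure(route: dict) -> bool:
    """Audit check: True when a Route object admits plain HTTP through the affected
    frontend (spec.tls.insecureEdgeTerminationPolicy == "Allow")."""
    tls = route.get("spec", {}).get("tls") or {}
    return tls.get("insecureEdgeTerminationPolicy") == "Allow"


if __name__ == "__main__":
    # Constructed sample: a plain-HTTP request carrying client-asserted identity headers.
    spoofed = {"Host": "app.example.internal", "X-SSL-Client-DN": "CN=admin",
               "x-ssl-client-verify": "SUCCESS"}
    print("flawed   :", flawed_frontend(spoofed, tls=False, verified_cert=None))
    print("hardened :", hardened_frontend(spoofed, tls=False, verified_cert=None))
```

Running the audit function over every Route in a cluster (for example the output of `oc get routes -A -o json`) lists the Routes on which the plain-HTTP frontend is reachable and therefore where the missing header stripping matters.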
Vulnerability Analysis
CVE-2026-46579 can be exploited with network access and requires neither authorization privileges nor user interaction. The attack complexity is considered high. A successful exploit is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an authentication vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2026-46579 has been classified as an authentication vulnerability or weakness.