Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2026-1784: OpenShift Route Allows Uncontrolled HAProxy Configuration Injection
CVE-2026-1784
Summary
An OpenShift Route can inject malicious HAProxy settings, potentially compromising security. This affects OpenShift users who rely on Route resources to expose their applications. To mitigate, review and validate Route configurations to prevent unauthorized HAProxy settings.
Original title
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document w...
Original description
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
nvd CVSS3.1
8.8
Vulnerability type
CWE-15
Published: 2 Jun 2026 · Updated: 15 Jun 2026 · First seen: 2 Jun 2026