CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

🗓️ 02 Jun 2026 07:22:26Reported by redhatType

Route enables code execution via HAProxy config injection from weak spec.path.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-1784	2 Jun 202607:22	–	attackerkb
Circl	CVE-2026-1784	2 Jun 202609:58	–	circl
CNNVD	Red Hat OpenShift Container Platform 安全漏洞	2 Jun 202600:00	–	cnnvd
CVE	CVE-2026-1784	2 Jun 202607:22	–	cve
EUVD	EUVD-2026-33883	2 Jun 202607:22	–	euvd
NVD	CVE-2026-1784	2 Jun 202609:16	–	nvd
Positive Technologies	PT-2026-45701	2 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1784	2 Jun 202607:17	–	redhatcve
RedHat Linux	Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.19 bug fix and security update	11 Jun 202609:02	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.33 bug fix and security update	10 Jun 202608:58	–	redhat

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.16",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780962617",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.16::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.18",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780988280",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.18::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.19",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780043338",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.19::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.20",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780990977",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.20::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.21",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780444348",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.21::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift4/ose-cluster-ingress-operator",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:25045
access	www.access.redhat.com/errata/RHSA-2026:25182
access	www.access.redhat.com/errata/RHSA-2026:23241
access	www.access.redhat.com/security/cve/CVE-2026-1784
access	www.access.redhat.com/errata/RHSA-2026:25194
access	www.access.redhat.com/errata/RHSA-2026:23246

17 Jun 2026 12:55Current

CVSS 3.18.8

EPSS0.00139

CWE-15