CVE-2026-7309

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309 Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309 Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

EUVD-2026-26043

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...