Insufficient Validation in OpenShift Resource for HAProxy Configuration
CVE-2026-1784

8.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-1784?

A vulnerability exists in the OpenShift Route resource that improperly validates the spec.path YAML stanza in Route documents. This flaw could enable attackers to inject controlled configurations into the HAProxy, potentially compromising the routing and accessibility of pods. Users are advised to review their Route configurations closely and apply recommended security patches to mitigate this issue.

References

https://access.redhat.com/security/cve/CVE-2026-1784

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2436075

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Feb 2, 2026

CVE-2026-1784 Data

JSON

Red Hat

What is CVE-2026-1784?

References

CVSS V3.1

Timeline