Security Flaw in OpenShift Router Affects Client Certificate Authentication
CVE-2026-46579

7.4 HIGH

What is CVE-2026-46579?

A security flaw in the OpenShift Router arises when a Route's insecureEdgeTerminationPolicy is set to Allow. In this configuration the router's plain-text HTTP frontend does not strip X-SSL-Client-* headers from incoming requests before forwarding them to the backend. Consequently, an unauthenticated attacker can send unencrypted HTTP requests containing crafted X-SSL-Client-* headers, which the backend cannot distinguish from headers the router itself sets after validating a client certificate. This allows the attacker to bypass mutual TLS authentication and impersonate client certificate identities, which can lead to unauthorized access to sensitive backend services.
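The exposure described above is a per-Route configuration choice, so the first defensive step is to find every Route that still allows plain-text traffic. The following audit script is an added example and is not Red Hat's code; it assumes Route objects in the `route.openshift.io/v1` shape that `oc get routes -A -o json` returns (a `List` whose `items` carry `spec.tls.termination` and `spec.tls.insecureEdgeTerminationPolicy`). The sample Route list is constructed for the example. It flags Routes with the weak `Allow` setting, produces a hardened copy using `Redirect` (or `None`), and prints the `oc patch` command that applies the same change on a live cluster.

```python
"""Audit OpenShift Route objects for insecureEdgeTerminationPolicy: Allow.

Added example, not Red Hat's code. Assumes the route.openshift.io/v1 Route
shape as returned by `oc get routes -A -o json`.
"""
import copy
import json

# Constructed sample shaped like `oc get routes -A -o json` output.
# Only the fields the audit needs are present.
SAMPLE_ROUTE_LIST = json.loads("""
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {"metadata": {"namespace": "shop", "name": "api"},
     "spec": {"host": "api.example.test",
              "tls": {"termination": "edge",
                      "insecureEdgeTerminationPolicy": "Allow"}}},
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"host": "www.example.test",
              "tls": {"termination": "edge",
                      "insecureEdgeTerminationPolicy": "Redirect"}}},
    {"metadata": {"namespace": "vault", "name": "vault"},
     "spec": {"host": "vault.example.test",
              "tls": {"termination": "passthrough"}}},
    {"metadata": {"namespace": "legacy", "name": "plain"},
     "spec": {"host": "plain.example.test"}}
  ]
}
""")

# Policies that close the plain-text path: either refuse HTTP or redirect it.
SAFE_POLICIES = ("Redirect", "None")


def insecure_policy(route):
    """Return the Route's insecureEdgeTerminationPolicy, or "" when unset.

    A Route with no spec.tls block is HTTP-only and has no TLS frontend to
    bypass, so it is reported as "" rather than "Allow".
    """
    tls = route.get("spec", {}).get("tls") or {}
    return tls.get("insecureEdgeTerminationPolicy", "")


def allows_plaintext(route):
    """True when the Route accepts unencrypted HTTP alongside TLS (the weak setting)."""
    return insecure_policy(route) == "Allow"


def route_id(route):
    """namespace/name, the way oc names objects in cluster-wide listings."""
    meta = route["metadata"]
    return f"{meta['namespace']}/{meta['name']}"


def find_insecure_routes(route_list):
    """Return namespace/name for every Route whose policy is Allow."""
    return [route_id(r) for r in route_list["items"] if allows_plaintext(r)]


def harden_route(route, policy="Redirect"):
    """Return a deep copy of the Route with the plain-text path closed.

    Redirect keeps old http:// links working by sending clients to https://;
    None rejects plain-text requests outright. Either removes the condition
    the advisory describes. The input object is left untouched.
    """
    if policy not in SAFE_POLICIES:
        raise ValueError(f"policy must be one of {SAFE_POLICIES}, got {policy!r}")
    fixed = copy.deepcopy(route)
    fixed["spec"].setdefault("tls", {})["insecureEdgeTerminationPolicy"] = policy
    return fixed


def remediation_command(route, policy="Redirect"):
    """Build the oc patch command that applies the same change to a live Route."""
    if policy not in SAFE_POLICIES:
        raise ValueError(f"policy must be one of {SAFE_POLICIES}, got {policy!r}")
    meta = route["metadata"]
    patch = json.dumps({"spec": {"tls": {"insecureEdgeTerminationPolicy": policy}}})
    return (f"oc patch route/{meta['name']} -n {meta['namespace']} "
            f"--type=merge -p '{patch}'")


if __name__ == "__main__":
    findings = find_insecure_routes(SAMPLE_ROUTE_LIST)
    print(f"Routes with insecureEdgeTerminationPolicy: Allow -> {findings}")
    for r in SAMPLE_ROUTE_LIST["items"]:
        if allows_plaintext(r):
            print(remediation_command(r))
```

Run it against a live cluster by replacing the constructed sample with `json.load(sys.stdin)` fed from `oc get routes -A -o json`. Choosing `Redirect` over `None` is usually the gentler fix, since existing `http://` links keep working. Until the router update is rolled out, it is also reasonable (an assumption about backend design, not something the advisory states) for backends that read `X-SSL-Client-*` headers to treat them as untrusted on any request that did not arrive over TLS.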

Affected Version(s)

Red Hat OpenShift Container Platform 4.20 1781639027

Red Hat OpenShift Container Platform 4.21 1781552170

Red Hat OpenShift Container Platform 4.22 1781643967

References

CVSS V3.1

Score: 7.4
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Ricardo Pchevuzinske Katz (Red Hat).