QSearchQSearch

CVE-2026-46579

7.4 HIGH

A flaw was found in the OpenShift Router

Published: 2026-05-29 · Last updated: 2026-06-08

Severity and scoring

CVSS
7.4 HIGH
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
CWE-287

Affected products

VendorProduct
redhatopenshift_container_platform, openshift_router

Description

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-11793 A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11790 A flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11789 A flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11788 A flaw was found in 389 Directory Server (5.9 MEDIUM)
  • CVE-2026-11787 A flaw was found in 389 Directory Server (5.0 MEDIUM)

Same CWE

  • CVE-2026-48114 Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
  • CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
  • CVE-2026-50623 An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (6.5 MEDIUM)
  • CVE-2026-48611 Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)
  • CVE-2026-40995 X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, ... (5.4 MEDIUM)