External Control of System or Configuration Setting

CVE-2026-1784

High

8.8/10

Summary

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-15 - External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

References

Advisory

Advisory Timeline

Published Jun 02, 2026

External Control of System or Configuration Setting

CVE-2026-1784

Summary

CWE-15 - External Control of System or Configuration Setting

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS