What is the CVSS score of CVE-2026-1784?

CVE-2026-1784 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat OpenShift are affected by CVE-2026-1784?

A configuration injection vulnerability in Red Hat OpenShift Container Platform 4's HAProxy ingress controller allows low-privileged tenants to manipulate cluster-wide routing configuration, breaking…

Red Hat OpenShift CVE-2026-1784

EUVD-2026-33883 HIGH

External Control of System or Configuration Setting (CWE-15)

2026-06-02 redhat

GHSA-qmrp-jx57-5mr7

Code Injection Red Hat

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 02, 2026 - 08:45 vuln.today

DescriptionNVD

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

AnalysisAI

HAProxy configuration injection in Red Hat OpenShift Container Platform 4 allows a low-privileged tenant with permission to create or modify Route resources to inject controlled directives into the cluster ingress configuration via the spec.path field. No public exploit identified at time of analysis, but the CVSS 8.8 score with scope change (S:C) reflects the ability to break out of the tenant boundary and impact the shared HAProxy router serving the entire cluster.

RemediationAI

24 hours: Inventory all OpenShift 4 clusters and audit current RBAC policies for Route resource creation and modification. 7 days: Restrict Route creation permissions to authorized users only and implement detailed audit logging; contact Red Hat Security for patch timeline and workaround guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-5241 CRITICAL Act Now

9.6 Jun 03

Remote code execution in Hugging Face Transformers 5.2.0 allows a malicious model repository to bypass the user's explic

CVE-2026-5422 HIGH This Week

8.1 Jun 02

Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outsid

CVE-2026-43958 HIGH This Week

7.8 Jun 01

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to

CVE-2026-10118 HIGH This Week

7.8 Jun 01

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacke

CVE-2026-10517 MEDIUM This Month

5.8 Jun 01

Server-Side Request Forgery in Clair's fetcher component exposes internal network services and cloud metadata endpoints

Vendor StatusVendor

CVE-2026-1784 vulnerability details – vuln.today

Back

Red Hat OpenShift CVE-2026-1784

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code