Product
high
advisory
OpenShift Router Vulnerability CVE-2026-46579: Mutual TLS Bypass via Header Injection
1 rule, 2 TTPs, 1 CVE
CVE-2026-46579 describes a vulnerability in the Red Hat OpenShift Router. When a Route is configured with `insecureEdgeTerminationPolicy` set to `Allow`, the HTTP frontend fails to remove `X-SSL-Client-*` headers from incoming requests, allowing unauthenticated attackers to bypass mutual TLS authentication and impersonate client certificate identities.
OpenShift Router
openshift
mtls
header-injection
cve-2026-46579
medium
advisory
OpenShift Router SSRF via FQDN EndpointSlice (CVE-2026-42965)
1 rule, 1 TTP, 1 CVE
CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.
OpenShift Router
ssrf
cve
openshift