Openshift

CVE-2026-46579 describes a vulnerability in the Red Hat OpenShift Router. When a Route is configured with `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend fails to remove `X-SSL-Client-*` headers from incoming requests, allowing unauthenticated attackers to bypass mutual TLS authentication and impersonate client certificate identities.

CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.

Multiple vulnerabilities in Red Hat OpenShift Tempo allow an unauthenticated remote attacker to bypass security measures, disclose sensitive information, manipulate data, or cause a denial of service condition.

CVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.

A remote anonymous attacker can exploit multiple vulnerabilities in the Grafana component of Red Hat Enterprise Linux and OpenShift to execute arbitrary code, disclose confidential information, and cause a denial-of-service condition.

An anonymous remote attacker can exploit multiple vulnerabilities in Kiali for Red Hat OpenShift Service Mesh to gain extended privileges, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat OpenShift Service Mesh to manipulate files, disclose information, or cause a denial-of-service condition.

A remote, authenticated attacker can exploit a vulnerability in Red Hat OpenShift Container Platform to bypass security measures.

CVE-2026-5483 is a high-severity vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, potentially leading to unauthorized access to Kubernetes resources.

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator that allows unauthorized access to Llama Stack services in other namespaces via direct network requests due to missing NetworkPolicy restrictions, potentially enabling attackers to view or manipulate sensitive data.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat OpenShift GitOps to manipulate data, misrepresent information, or cause a denial of service.