CVE-2026-46579
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-287
Autenticación incorrecta
Fecha de publicación:
29/05/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.
Impacto
Puntuación base 3.x
7.40
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_router:-:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2026:27009
- https://access.redhat.com/errata/RHSA-2026:27044
- https://access.redhat.com/errata/RHSA-2026:27063
- https://access.redhat.com/security/cve/CVE-2026-46579
- https://bugzilla.redhat.com/show_bug.cgi?id=2483181
- https://access.redhat.com/errata/RHSA-2026:27009
- https://access.redhat.com/errata/RHSA-2026:27044
- https://access.redhat.com/errata/RHSA-2026:27063
- https://access.redhat.com/security/cve/CVE-2026-46579
- https://bugzilla.redhat.com/show_bug.cgi?id=2483181
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46579.json



