CVE-2026-46579— Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend
Affected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 | any | affected |
any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46579
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-46579
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46579
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-46579 (1)
Other References for CVE-2026-46579 (1)
Same Patch Batch · Red Hat · 2026-05-29 · 6 CVEs total
| CVE-2026-42965 | 7.7 HIGH | Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypas |
| CVE-2026-10101 | 6.3 MEDIUM | Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents |
| CVE-2026-6324 | 4.8 MEDIUM | Libsoup: libsoup: http request smuggling via unsigned to signed conversion error |
| CVE-2026-10052 | 4.1 MEDIUM | Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation en |
| CVE-2026-10078 | 2.7 LOW | Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring |
IV. Related Vulnerabilities
Same product: Red Hat OpenShift Container Platform 4
Same vendor: Red Hat
- CVE-2026-10101
Assisted-service: assisted-service: infraenv status leaks re - CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via - CVE-2026-10078
Quay/config-tool: quay/config-tool: gitlab oauth client_secr - CVE-2026-10052
Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap - CVE-2026-6324
Libsoup: libsoup: http request smuggling via unsigned to sig
Same weakness: CWE-287
- CVE-2026-49197
Predator Connect W6x: Improper Authentication - CVE-2026-3655
OTP Login With Phone Number, OTP Verification <= 1.8.60 - Un - CVE-2026-48526
PyJWT: Public-key JWK accepted as HMAC secret enables forged - CVE-2026-8979
Authentication Bypass - CVE-2026-44720
OpenLearnX: Critical Authentication Bypass via JWT Signature
V. Comments for CVE-2026-46579
No comments yet