CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation
CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
10th
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses.
| CWE | CWE-918 |
| Vendor | red hat |
| Product | red hat openshift container platform 4 |
| Published | May 29, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat openshift container platform 4
Be the first to know when new high vulnerabilities affecting red hat red hat openshift container platform 4 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
Credits
This issue was discovered by Ricardo Pchevuzinske Katz (Red Hat).