What is GHSA-ccmj-8c3p-4qwj?

GHSA-ccmj-8c3p-4qwj is a security advisory published by GitHub Security Advisories with High severity. A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to...

Which CVE IDs does GHSA-ccmj-8c3p-4qwj cover?

GHSA-ccmj-8c3p-4qwj covers the following CVE IDs: CVE-2026-46579. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-ccmj-8c3p-4qwj?

GHSA-ccmj-8c3p-4qwj has a CVSS v3 base score of 7.4, published by GitHub Security Advisories.

GHSA-ccmj-8c3p-4qwjHighCVSS 7.4

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-46579 →

📋 Description

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client-* headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client-* headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-46579
https://access.redhat.com/security/cve/CVE-2026-46579
https://bugzilla.redhat.com/show_bug.cgi?id=2483181
https://github.com/advisories/GHSA-ccmj-8c3p-4qwj