CVE-2026-7309

· NIST NVD ↗

A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic.

MEDIUM
CVSS severity
4.3
CVSS base score
2026-04-28
Published

CWE codes

CWE-426

Affected products

redhat:openshift_container_platform

Sources