CVE-2026-42965EPSS p10.4%

CVE-2026-42965CVE-2026-42965

redhat / openshift_container_platform

Description

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses.

Scoring

CVSS 7.7 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS0.21% probability of exploitation · percentile 10.4% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46579
CVE
CVE-2026-1784
CVE
CVE-2026-10843
CVE
CVE-2026-24512
CVE
CVE-2025-0650
CVE
CVE-2026-42998
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.