CVE-2026-7309
MEDIUMDescription
A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic.
Is your site exposed to CVE-2026-7309?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| redhat | openshift_container_platform |
References
Frequently Asked Questions
What is CVE-2026-7309? +
How severe is CVE-2026-7309? +
What products are affected by CVE-2026-7309? +
How do I check if I'm vulnerable to CVE-2026-7309? +
Related Vulnerabilities
Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges …
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator …
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to …
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to …
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file …