Red Hat · Openshift Container Platform · CVE-2026-7309
**Name of the Vulnerable Software and Affected Versions**
OpenShift Container Platform (affected versions not specified)
**Description**
A flaw in the build system allows a user with the `edit` ClusterRole to inject arbitrary environment variables, such as `LD PRELOAD` or `http proxy`, into `docker-build` containers. This is achieved through the 'buildconfigs/instantiate' API endpoint. This issue results from an incomplete fix for a previous flaw and leads to information disclosure, specifically compromising the confidentiality of build traffic.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.