CVE-2026-7309

Name of the Vulnerable Software and Affected Versions OpenShift Container Platform (affected versions not specified)

Description A flaw in the build system allows a user with the edit ClusterRole to inject arbitrary environment variables, such as LD PRELOAD or http proxy, into docker-build containers. This is achieved through the 'buildconfigs/instantiate' API endpoint. This issue results from an incomplete fix for a previous flaw and leads to information disclosure, specifically compromising the confidentiality of build traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.