CVE-2026-7309

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LD PRELOAD or http proxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic.