Red Hat OpenShift Router X-SSL-Client Header Bypass Vulnerability Allowing mTLS Impersonation

Vulnerability

A vulnerability exists in the OpenShift Router's HTTP frontend when a route's 'insecureEdgeTerminationPolicy' is set to Allow. The frontend fails to strip 'X-SSL-Client-*' headers from incoming plain HTTP requests before forwarding them. An unauthenticated attacker can therefore send crafted requests carrying these headers to backends that rely on them for mutual TLS authentication, bypassing that authentication and impersonating client certificate identities.

Impact

Exploitation of this vulnerability can lead to unauthorized bypassing of mutual TLS authentication, allowing attackers to impersonate client certificate identities on the affected backend services.
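A backend-side check that encodes the fix the advisory implies, added here as an example and not code from Red Hat or the OpenShift router: X-SSL-Client-* headers are honoured only on requests the router terminated over TLS, and their presence on a plaintext request is flagged for detection. The X-Forwarded-Proto scheme header, the X-SSL-Client-DN header name and the two sample requests are assumptions, not taken from the advisory.

```python
"""Backend-side defence: trust X-SSL-Client-* headers only on TLS requests.

Constructed example; assumes the router sets X-Forwarded-Proto to https when
it terminated TLS and to http on the plain path permitted by
insecureEdgeTerminationPolicy: Allow.
"""
from typing import Dict, Optional, Tuple

MTLS_PREFIX = "x-ssl-client-"        # header family named in the advisory
SCHEME_HEADER = "x-forwarded-proto"  # assumed scheme header set by the router
IDENTITY_HEADER = "x-ssl-client-dn"  # assumed header carrying the cert subject

# Constructed sample requests, not captured traffic.
PLAINTEXT_SPOOF = {
    "Host": "app.example.internal",
    "X-Forwarded-Proto": "http",
    "X-SSL-Client-DN": "CN=admin,O=example",
}
TLS_AUTHENTICATED = {
    "Host": "app.example.internal",
    "X-Forwarded-Proto": "https",
    "X-SSL-Client-DN": "CN=alice,O=example",
}


def sanitize_mtls_headers(headers: Dict[str, str]) -> Tuple[Dict[str, str], bool]:
    """Return (cleaned_headers, suspicious), matching header names case-insensitively.

    X-SSL-Client-* headers survive only when the router terminated TLS; a
    plaintext request cannot carry a real client certificate, so they are
    dropped and the request is flagged for logging or alerting.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    over_tls = lowered.get(SCHEME_HEADER, "").strip().lower() == "https"
    cleaned: Dict[str, str] = {}
    suspicious = False
    for name, value in headers.items():
        if name.lower().startswith(MTLS_PREFIX) and not over_tls:
            suspicious = True  # forged identity header on a plain HTTP request
            continue
        cleaned[name] = value
    return cleaned, suspicious


def client_identity(headers: Dict[str, str]) -> Optional[str]:
    """Certificate subject the backend may act on, or None if untrusted."""
    cleaned, _ = sanitize_mtls_headers(headers)
    return {k.lower(): v for k, v in cleaned.items()}.get(IDENTITY_HEADER)
```

This is defence in depth for backends that must keep accepting plain HTTP; the plaintext path itself disappears only when the route's insecureEdgeTerminationPolicy no longer allows it.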

Added: May 29, 2026, 11:19 AM
Updated: May 29, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 1.7
exploitability: 8.1
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.