CVE-2026-22772

medium Red Hat
CVSS v3 Base Score
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Published: January 12, 2026
Last Modified: January 12, 2026
Vendor: Red Hat

Description

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.

CWE

CWE-918

Affected Products

Assisted Installer for Red Hat OpenShift Container Platform 2Compliance OperatorConfidential Compute AttestationFile Integrity OperatorKernel Module Management Operator for Red Hat OpenshiftLogging Subsystem for Red Hat OpenShiftLogical Volume Manager StorageMigration Toolkit for ContainersMigration Toolkit for VirtualizationMultiarch Tuning Operator

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com