CVE-2026-22772
medium
Red Hat CVSS v3 Base Score
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Published: January 12, 2026 (122 days ago)
Last Modified: January 12, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Vulnerability Report
Generated by CyberWatcher
Description
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.
CWE
CWE-918Affected Products
Assisted Installer for Red Hat OpenShift Container Platform 2Compliance OperatorConfidential Compute AttestationFile Integrity OperatorKernel Module Management Operator for Red Hat OpenshiftLogging Subsystem for Red Hat OpenShiftLogical Volume Manager StorageMigration Toolkit for ContainersMigration Toolkit for VirtualizationMultiarch Tuning Operator