Red Hat OpenShift ↗
Red Hat · Infrastructure
20/100 Critical · exploited
Summary iPlain-English security verdict for Red Hat OpenShift, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Red Hat OpenShift currently scores 20/100 — critical, with active exploitation. 8 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2018-1000861. Upgrade immediately and review your exposure to the actively-exploited CVEs below. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for Red Hat OpenShift each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2018-1000861 CRITICAL ● exploited Insecure deserialization EPSS 94% → see advisory CVE-2019-7609 CRITICAL ● exploited Code injection EPSS 94% → see advisory CVE-2023-44487 HIGH ● exploited Uncontrolled resource consumption EPSS 94% → see advisory CVE-2019-1003029 CRITICAL ● exploited EPSS 93% → see advisory CVE-2019-1003030 CRITICAL ● exploited CWE-693 EPSS 92% → see advisory CVE-2019-0211 HIGH ● exploited Use-after-free EPSS 90% → see advisory CVE-2021-3560 HIGH ● exploited Incorrect authorization EPSS 9% → see advisory CVE-2026-31431 HIGH ● exploited CWE-669 EPSS 2% → see advisory CVE-2019-1003000 HIGH EPSS 94% → see advisory CVE-2019-1003001 HIGH EPSS 94% → see advisory CVE-2018-17246 CRITICAL CWE-73 EPSS 94% → see advisory CVE-2019-1003002 HIGH EPSS 93% → see advisoryℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping