Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Red Hat Quay 3.15 by Red Hat

    CVE-2026-32590 (GCVE-0-2026-32590)

    Vulnerability from nvd – Published: 2026-04-08 17:04 – Updated: 2026-07-01 00:22
    VLAI
    Title
    Mirror-registry: remote code execution using pickle deserialization
    Summary
    A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24833 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28441 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-32590 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2446964 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat mirror registry for Red Hat OpenShift 2.0 Unaffected: 1782177012 , < * (rpm)
        cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1780604033 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T19:14:47.764287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T19:14:55.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782177012",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779922205",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780604033",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:22:07.156Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22465"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24833",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24833"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "name": "RHSA-2026:28441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28441"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-32590"
            },
            {
              "name": "RHBZ#2446964",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-12T14:43:11.443Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: remote code execution using pickle deserialization",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-502: Deserialization of Untrusted Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-32590",
        "datePublished": "2026-04-08T17:04:22.870Z",
        "dateReserved": "2026-03-12T14:39:53.657Z",
        "dateUpdated": "2026-07-01T00:22:07.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32589 (GCVE-0-2026-32589)

    Vulnerability from nvd – Published: 2026-04-08 17:04 – Updated: 2026-07-01 12:04
    VLAI
    Title
    Mirror-registry: quay: insecure direct object reference in blobupload
    Summary
    A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28441 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-32589 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2446963 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat mirror registry for Red Hat OpenShift 2.0 Unaffected: 1782177012 , < * (rpm)
        cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2.0     cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T18:01:21.450628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T18:01:32.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:50.676Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
              },
              {
                "name": "RHBZ#2446963",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32589.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28441"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-12T14:43:07.878Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "mirror-registry: quay: insecure direct object reference in BlobUpload",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782177012",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779922205",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:09:19.041Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22465"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "name": "RHSA-2026:28441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28441"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
            },
            {
              "name": "RHBZ#2446963",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-12T14:43:07.878Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: quay: insecure direct object reference in blobupload",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-32589",
        "datePublished": "2026-04-08T17:04:20.284Z",
        "dateReserved": "2026-03-12T14:39:53.657Z",
        "dateUpdated": "2026-07-01T12:04:50.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2377 (GCVE-0-2026-2377)

    Vulnerability from nvd – Published: 2026-04-08 16:26 – Updated: 2026-07-01 12:04
    VLAI
    Title
    Mirror-registry: quay: quay: server-side request forgery via log export functionality
    Summary
    A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-2377 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2439201 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Date Public
    2026-04-08 16:18
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T18:42:52.638708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T18:43:00.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T16:18:10.324Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-918",
                    "description": "Server-Side Request Forgery (SSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:54.901Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
              },
              {
                "name": "RHBZ#2439201",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2377.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-11T21:02:44.495Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T16:18:10.324Z",
                "value": "Made public."
              }
            ],
            "title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T16:18:10.324Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:07:53.292Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
            },
            {
              "name": "RHBZ#2439201",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-11T21:02:44.495Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T16:18:10.324Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-2377",
        "datePublished": "2026-04-08T16:26:07.649Z",
        "dateReserved": "2026-02-11T20:57:59.704Z",
        "dateUpdated": "2026-07-01T12:04:54.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32590 (GCVE-0-2026-32590)

    Vulnerability from cvelistv5 – Published: 2026-04-08 17:04 – Updated: 2026-07-01 00:22
    VLAI
    Title
    Mirror-registry: remote code execution using pickle deserialization
    Summary
    A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24833 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28441 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-32590 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2446964 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat mirror registry for Red Hat OpenShift 2.0 Unaffected: 1782177012 , < * (rpm)
        cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1780604033 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T19:14:47.764287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T19:14:55.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782177012",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779922205",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780604033",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:22:07.156Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22465"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24833",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24833"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "name": "RHSA-2026:28441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28441"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-32590"
            },
            {
              "name": "RHBZ#2446964",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-12T14:43:11.443Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: remote code execution using pickle deserialization",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-502: Deserialization of Untrusted Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-32590",
        "datePublished": "2026-04-08T17:04:22.870Z",
        "dateReserved": "2026-03-12T14:39:53.657Z",
        "dateUpdated": "2026-07-01T00:22:07.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32589 (GCVE-0-2026-32589)

    Vulnerability from cvelistv5 – Published: 2026-04-08 17:04 – Updated: 2026-07-01 12:04
    VLAI
    Title
    Mirror-registry: quay: insecure direct object reference in blobupload
    Summary
    A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28441 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-32589 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2446963 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat mirror registry for Red Hat OpenShift 2.0 Unaffected: 1782177012 , < * (rpm)
        cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2.0     cpe:/a:redhat:mirror_registry:2.0::el8
    Create a notification for this product.
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T18:01:21.450628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T18:01:32.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:50.676Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
              },
              {
                "name": "RHBZ#2446963",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32589.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28441"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-12T14:43:07.878Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "mirror-registry: quay: insecure direct object reference in BlobUpload",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1782177012",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779922205",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:09:19.041Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22465"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "name": "RHSA-2026:28441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:28441"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
            },
            {
              "name": "RHBZ#2446963",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-12T14:43:07.878Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: quay: insecure direct object reference in blobupload",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-32589",
        "datePublished": "2026-04-08T17:04:20.284Z",
        "dateReserved": "2026-03-12T14:39:53.657Z",
        "dateUpdated": "2026-07-01T12:04:50.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2377 (GCVE-0-2026-2377)

    Vulnerability from cvelistv5 – Published: 2026-04-08 16:26 – Updated: 2026-07-01 12:04
    VLAI
    Title
    Mirror-registry: quay: quay: server-side request forgery via log export functionality
    Summary
    A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-2377 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2439201 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Date Public
    2026-04-08 16:18
    Credits
    Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T18:42:52.638708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T18:43:00.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T16:18:10.324Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-918",
                    "description": "Server-Side Request Forgery (SSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:54.901Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
              },
              {
                "name": "RHBZ#2439201",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2377.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-11T21:02:44.495Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T16:18:10.324Z",
                "value": "Made public."
              }
            ],
            "title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779822261",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.12",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811412",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779689392",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1780891395",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel9",
              "product": "Red Hat Quay 3.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779204086",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:quay:3.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1779811473",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mirror_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift/mirror-registry-rhel8",
              "product": "mirror registry for Red Hat OpenShift 2",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T16:18:10.324Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T00:07:53.292Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:19375",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:19375"
            },
            {
              "name": "RHSA-2026:21017",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:21017"
            },
            {
              "name": "RHSA-2026:22629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22629"
            },
            {
              "name": "RHSA-2026:22840",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:22840"
            },
            {
              "name": "RHSA-2026:23361",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:23361"
            },
            {
              "name": "RHSA-2026:24853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:24853"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
            },
            {
              "name": "RHBZ#2439201",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-11T21:02:44.495Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T16:18:10.324Z",
              "value": "Made public."
            }
          ],
          "title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-2377",
        "datePublished": "2026-04-08T16:26:07.649Z",
        "dateReserved": "2026-02-11T20:57:59.704Z",
        "dateUpdated": "2026-07-01T12:04:54.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }