Vulnerabilities in distribution
4 resultsCVE-2025-24976MEDIUMDistribution's token authentication allows attacker to inject an untrusted signing key in a JWTEPSS 0.3%CVE-2026-41888MEDIUMDistribution: Tag deletion bypasses `storage.delete.enabled` configurationEPSS 0.3%CVE-2026-35172HIGHDistribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidationEPSS 0.3%CVE-2026-33540HIGHDistribution affected by pull-through cache credential exfiltration via www-authenticate bearer realmEPSS 0.3%