CVE-2026-32591

Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

CVSS 5.2 MEDIUMEPSS 0.2%CWE-918

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Productos afectados

Red Hat · mirror registry for Red Hat OpenShift Red Hat · mirror registry for Red Hat OpenShift 2 Red Hat · Red Hat Quay 3 Red Hat · Red Hat Quay 3.17

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2026:24833 https://access.redhat.com/security/cve/CVE-2026-32591 https://bugzilla.redhat.com/show_bug.cgi?id=2446965