CVE-2026-2376

Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface

CVSS 4.9 MEDIUMEPSS 0.2%CWE-601

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Produtos afetados

Red Hat · mirror registry for Red Hat OpenShift Red Hat · mirror registry for Red Hat OpenShift 2 Red Hat · Red Hat Quay 3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2026-2376 https://bugzilla.redhat.com/show_bug.cgi?id=2439117 https://github.com/quay/quay/pull/5074