CVE-2026-32589

EPSS 0.04%
Veröffentlicht 08.04.2026 17:04:20
Zuletzt bearbeitet 28.04.2026 07:16:03
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Mirror Registry For Red Hat Openshift Version-

Redhat ≫ Mirror Registry For Red Hat Openshift Version2.0

Redhat ≫ Quay Version3.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.111

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.4	3.1	3.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
nvd@nist.gov	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://access.redhat.com/security/cve/CVE-2026-32589

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2446963

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-32589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32589

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32589