5.5
CVE-2026-32591
- EPSS 0.26%
- Veröffentlicht 08.04.2026 17:06:58
- Zuletzt bearbeitet 30.06.2026 03:18:32
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Mirror Registry For Red Hat Openshift Version-
Redhat ≫ Mirror Registry For Red Hat Openshift Version2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.168 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.2 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
|
| secalert@redhat.com | 5.2 | 0.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 5.2 | 0.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://access.redhat.com/security/cve/CVE-2026-32591
https://bugzilla.redhat.com/show_bug.cgi?id=2446965
https://access.redhat.com/errata/RHSA-2026:24833
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32591.json