Zurück zur CVE-Übersicht
CVE-2026-32591
MEDIUM(5.2)CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Risk Signal Score13/100 — NIEDRIG
- CVSS 5.2 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
5.2
Technische Schwere
Beschreibung
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
Referenzen
- https://access.redhat.com/errata/RHSA-2026:24833
- https://access.redhat.com/errata/RHSA-2026:40262
- https://access.redhat.com/security/cve/CVE-2026-32591
- https://bugzilla.redhat.com/show_bug.cgi?id=2446965
- https://access.redhat.com/errata/RHSA-2026:24833
- https://access.redhat.com/security/cve/CVE-2026-32591
- https://bugzilla.redhat.com/show_bug.cgi?id=2446965
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32591.json