CVE-2026-2376
Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.
When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Productos afectados
Red Hat · mirror registry for Red Hat OpenShiftRed Hat · mirror registry for Red Hat OpenShift 2Red Hat · Red Hat Quay 3¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →