CVE-2026-2376
Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.
When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Produtos afetados
Red Hat · mirror registry for Red Hat OpenShiftRed Hat · mirror registry for Red Hat OpenShift 2Red Hat · Red Hat Quay 3Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →