๐Ÿ” CVE Alert

CVE-2026-2377

MEDIUM 6.5

Mirror-registry: quay: quay: server-side request forgery via log export functionality

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
5th

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.

CWE CWE-918
Vendor red hat
Product red hat quay 3.1
Published Apr 8, 2026
Last Updated Jun 9, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat quay 3.1

Be the first to know when new medium vulnerabilities affecting red hat red hat quay 3.1 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Red Hat / Red Hat Quay 3.1
All versions affected
Red Hat / Red Hat Quay 3.12
All versions affected
Red Hat / Red Hat Quay 3.14
All versions affected
Red Hat / Red Hat Quay 3.15
All versions affected
Red Hat / Red Hat Quay 3.16
All versions affected
Red Hat / Red Hat Quay 3.9
All versions affected
Red Hat / mirror registry for Red Hat OpenShift
All versions affected
Red Hat / mirror registry for Red Hat OpenShift 2
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19375 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21017 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22629 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22840 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:23361 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:24853 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-2377 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2439201

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.