CVE-2026-12566

LOW

SSRF via unvalidated WWW-Authenticate realm in docker_pull module

Title source: cna

Description

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.

References (1)

Core 1

Core References

https://github.com/blacklanternsecurity/bbot/commit/c2f4bc0f4

View Patch ZIP pw:eip

Scores

CVSS v3 3.1

EPSS 0.0017

EPSS Percentile 6.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

Black Lantern Security/BBOT 2.0.0 - <=2.8.4

pypi/bbot 2.0.0 - 2.8.5PyPI

Published Jun 17, 2026

Tracked Since Jun 18, 2026