CVE-2026-32589
HIGHMirror-registry: quay: insecure direct object reference in blobupload
Title source: cnaDescription
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22465
https://access.redhat.com/errata/RHSA-2026:22465
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22629
https://access.redhat.com/errata/RHSA-2026:22629
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22840
https://access.redhat.com/errata/RHSA-2026:22840
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:23361
https://access.redhat.com/errata/RHSA-2026:23361
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:24853
https://access.redhat.com/errata/RHSA-2026:24853
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-32589
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2446963
https://bugzilla.redhat.com/show_bug.cgi?id=2446963
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:19375
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:21017
Scores
CVSS v3
7.4
EPSS
0.0024
EPSS Percentile
14.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (13)
Red Hat/mirror registry for Red Hat OpenShift
Red Hat/mirror registry for Red Hat OpenShift 2
Red Hat/Red Hat Quay 3
Red Hat/Red Hat Quay 3.1
1779822261
Red Hat/Red Hat Quay 3.12
1779811412
Red Hat/Red Hat Quay 3.14
1779689392
Red Hat/Red Hat Quay 3.15
1780891395
Red Hat/Red Hat Quay 3.16
1779204086
Red Hat/Red Hat Quay 3.17
1779922205
Red Hat/Red Hat Quay 3.9
1779811473
... and 3 more
Published
Apr 08, 2026
Tracked Since
Apr 08, 2026