CVE-2026-32591
MEDIUMMirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration
Title source: cnaDescription
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:24833
https://access.redhat.com/errata/RHSA-2026:24833
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:19375
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-32591
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2446965
https://bugzilla.redhat.com/show_bug.cgi?id=2446965
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:21017
Scores
CVSS v3
5.2
EPSS
0.0024
EPSS Percentile
14.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (9)
Red Hat/mirror registry for Red Hat OpenShift
Red Hat/mirror registry for Red Hat OpenShift 2
Red Hat/Red Hat Quay 3
Red Hat/Red Hat Quay 3.14
1779689392
Red Hat/Red Hat Quay 3.16
1779204086
Red Hat/Red Hat Quay 3.17
1780604033
redhat/mirror_registry_for_red_hat_openshift
redhat/mirror_registry_for_red_hat_openshift
2.0
redhat/quay
3.0.0
Published
Apr 08, 2026
Tracked Since
Apr 08, 2026