CVE-2026-10517

Vulnerability

The Clair vulnerability (CVE-2026-10517) resides in the fetcher component, which makes outbound HTTP requests to URIs supplied via manifest layer descriptors without filtering IP addresses or schemes. Affected versions are those of Clair prior to the fix. The attack path is reachable when PSK (pre-shared key) authentication is not configured, as PSK is opt-in and not enforced by default [1].

Exploitation

An unauthenticated attacker can submit a malicious manifest containing a layer descriptor URI pointing to internal services or cloud metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/). The fetcher then makes an HTTP request to the attacker-controlled URI. If the target returns a non-200 response, the error body content (up to 256 bytes) is reflected back to the attacker via CheckResponse error messages [1].

Impact

Successful exploitation results in a server-side request forgery (SSRF) that can leak up to 256 bytes of sensitive information from internal HTTP endpoints, such as cloud metadata or internal service responses. The confidentiality impact is limited by the 256-byte cap and the fact that only error-response bodies are reflected [1].

Mitigation

Operator-managed Red Hat Quay deployments that auto-configure PSK are not exposed to the unauthenticated attack vector [1]. For standalone Clair instances, fixing the vulnerability requires updating to a patched version (details not yet disclosed in the available references). Until a fix is applied, configuring PSK authentication is an effective workaround to block unauthenticated manifest submissions [1].