Medium severity4.9NVD Advisory· Published Mar 12, 2026· Updated Jun 2, 2026
CVE-2026-2376
CVE-2026-2376
Description
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.
When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cpe:2.3:a:redhat:mirror_registry:-:*:*:*:*:openshift:*:*
cpe:/a:redhat:mirror_registry:1+ 1 more
- cpe:/a:redhat:mirror_registry:1
- cpe:/a:redhat:mirror_registry:2
- Red Hat/Red Hat Quay 3v5cpe:/a:redhat:quay:3
Patches
Vulnerability mechanics
References
3- github.com/quay/quay/pull/5074nvdIssue TrackingPatch
- access.redhat.com/security/cve/CVE-2026-2376nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdVendor Advisory
News mentions
0No linked articles in our index yet.