PT-2026-30630 · Unknown · Distribution
1Seal · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-33540
CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Distribution versions prior to 3.1.0 are affected by an issue where the software incorrectly handles token authentication endpoints. Specifically, when operating in pull-through cache mode, the software parses WWW-Authenticate challenges from the upstream registry without validating the realm URL against the upstream host. This allows an attacker controlling the upstream or performing a Man-in-the-Middle (MitM) attack to cause the software to send upstream credentials via basic authentication to an attacker-controlled realm URL. The vulnerable code sections include registry/proxy/proxyauth.go:66-81 (getAuthURLs), internal/client/auth/session.go:485-510 (fetchToken), and internal/client/auth/session.go:429-434 (fetchTokenWithBasicAuth). The impact of this issue is the potential exfiltration of upstream authentication credentials. Affected components include the getAuthURLs function, which extracts the bearer realm without destination validation, and the fetchToken and fetchTokenWithBasicAuth functions, which directly use the realm URL for token fetching and basic authentication, respectively.

To resolve this issue, validate that the token realm destination is within the intended trust boundary before associating credentials with it. A conservative approach is to implement strict same-host binding, only accepting realms whose host matches the configured upstream host.
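As an added illustration of the realm binding recommended above (example code written for this entry, not Distribution's own getAuthURLs or fetchToken), the following Go snippet parses a Bearer challenge and accepts its realm only when it is HTTPS and its host is in an operator-configured allowlist that starts with the upstream host; this generalises strict same-host binding to an explicit list, and all hostnames in it are constructed.

```go
package main
import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// parseBearerRealm is a minimal parser (written for this example) returning the realm of a challenge
func parseBearerRealm(challenge string) (string, error) {
	const prefix = "bearer "
	if len(challenge) < len(prefix) || !strings.EqualFold(challenge[:len(prefix)], prefix) {
		return "", errors.New("not a Bearer challenge")
	}
	for _, kv := range strings.Split(challenge[len(prefix):], ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(kv), "=")
		if ok && strings.EqualFold(k, "realm") {
			return strings.Trim(v, `"`), nil
		}
	}
	return "", errors.New("challenge carries no realm")
}

// ValidateRealm accepts the realm only if it is https and its host is one of the operator-configured
// allowedHosts (upstream host plus any explicitly trusted token service); all else is rejected first.
func ValidateRealm(challenge string, allowedHosts ...string) (*url.URL, error) {
	realm, err := parseBearerRealm(challenge)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(realm)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("realm %q: scheme %q is not https", realm, u.Scheme)
	}
	for _, h := range allowedHosts {
		if strings.EqualFold(u.Host, h) {
			return u, nil
		}
	}
	return nil, fmt.Errorf("realm host %q is not an allowed token destination", u.Host)
}
func main() {
	// Constructed challenge of the kind a hostile or MitM'd upstream could return.
	_, err := ValidateRealm(`Bearer realm="https://attacker.example/token"`, "registry.example.internal")
	fmt.Println(err) // realm host "attacker.example" is not an allowed token destination
}
```

An upstream that issues tokens from a separate auth host needs that host added to the allowlist by the operator; the point is that the allowed destinations come from configuration, never from the challenge itself.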

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-33540
GHSA-3P65-76G6-3W7R

Affected Products

Distribution