PT-2026-30710 · Unknown+1 · Distribution+1
1Seal · Published 2026-04-06 · Updated 2026-05-26 · CVE-2026-35172
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: distribution versions 3.0.x and earlier; versions 2.8.x and earlier when the redis blob descriptor cache and delete are both enabled
Description: distribution, a toolkit for managing container content, is susceptible to a confidentiality issue. When storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both set, a blob deleted from repo a can become readable again in repo a after the explicit delete, because the redis cache retains stale repo-scoped membership for it. The delete path clears the shared digest descriptor but does not remove the repository-specific membership entry, so a subsequent Stat or Get request for the same digest from repo b repopulates the shared descriptor and thereby restores access in repo a. The result is a revocation gap at the repository boundary that can expose previously deleted content. The issue lies in the interaction between linkedBlobStore.Delete, blobAccessController.Clear, cachedBlobStatter.Clear and repositoryScopedRedisBlobDescriptorService.Clear. An attacker can therefore regain access to content in repo a after it has been explicitly deleted by triggering shared descriptor repopulation from repo b.
Recommendations: For versions 3.0.x and earlier, and versions 2.8.x and earlier when the redis blob descriptor cache and delete are both enabled, ensure that the redis invalidation path revokes the repo-scoped state together with the backend link deletion: remove the digest from the repository membership set and delete the repo-scoped descriptor hash, so that peer-repository warming cannot restore access in the repository that initiated the deletion.
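The sequence the description and recommendation refer to, as a simplified in-memory model written for this page (not code from the distribution project): a shared per-digest descriptor map and per-repository membership sets stand in for the redis structures, the repository names and digest are constructed, and the stale-membership Clear is shown beside the corrected one.

```go
package main

// registry is a simplified model of the pieces the advisory names: the backend links that
// linkedBlobStore.Delete removes, the shared per-digest descriptor cache, and the repo-scoped
// membership set kept by repositoryScopedRedisBlobDescriptorService (all constructed stand-ins).
type registry struct {
	links      map[string]map[string]bool // backend: repo -> digests linked in that repo
	shared     map[string]bool            // cache: digest -> descriptor present (shared across repos)
	membership map[string]map[string]bool // cache: repo -> digests believed present in that repo
}

func setMember(m map[string]map[string]bool, repo, digest string) {
	if m[repo] == nil {
		m[repo] = map[string]bool{}
	}
	m[repo][digest] = true
}

// stat answers from the cache when the repo is a member and the shared descriptor exists;
// on a miss it consults the backend link and warms both cache structures for the caller's repo.
func (r *registry) stat(repo, digest string) bool {
	if r.shared[digest] && r.membership[repo][digest] {
		return true
	}
	if !r.links[repo][digest] {
		return false
	}
	r.shared[digest] = true
	setMember(r.membership, repo, digest)
	return true
}

// clearVulnerable drops only the shared descriptor and leaves the repo-scoped membership stale.
func clearVulnerable(r *registry, _, digest string) { delete(r.shared, digest) }

// clearFixed also revokes the repo-scoped membership, as the recommendation requires.
func clearFixed(r *registry, repo, digest string) {
	delete(r.shared, digest)
	delete(r.membership[repo], digest)
}

// readableAfterDelete runs the advisory's sequence with the given cache Clear and reports
// whether repo "a" can still read the blob it deleted once peer repo "b" has warmed the cache.
func readableAfterDelete(clear func(r *registry, repo, digest string)) bool {
	const d = "sha256:0000" // constructed placeholder digest
	r := &registry{map[string]map[string]bool{}, map[string]bool{}, map[string]map[string]bool{}}
	setMember(r.links, "a", d) // blob pushed to both repositories
	setMember(r.links, "b", d)
	r.stat("a", d)          // repo a populates the shared descriptor and its membership set
	delete(r.links["a"], d) // linkedBlobStore.Delete removes the backend link ...
	clear(r, "a", d)        // ... and invalidates the cache with the Clear under test
	r.stat("b", d)          // peer repo warms the shared descriptor again
	return r.stat("a", d)
}
```

readableAfterDelete(clearVulnerable) reports true (the revocation gap), readableAfterDelete(clearFixed) reports false.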

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2026-07552
CLEANSTART-2026-AC01087
CLEANSTART-2026-DM93480
CLEANSTART-2026-NX54250
CLEANSTART-2026-SV08737
CLEANSTART-2026-UO31069
CVE-2026-35172
GHSA-F2G3-HH2R-CWGC
OPENSUSE-SU-2026:10631-1

Affected Products

Red Os
Distribution