PT-2026-31341 · Red Hat · Red Hat Quay
Published
2026-04-08
·
Updated
2026-04-28
·
CVE-2026-32589
CVSS v3.1
7.4
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Red Hat Quay (affected versions not specified)
Description
A flaw exists in Red Hat Quay's container image upload process. An authenticated user with push access to any repository can interfere with image uploads in progress by other users, even those in repositories they do not have access to. This could allow an attacker to read, modify, or cancel another user's in-progress image upload.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Quay