CVE-2026-6848

Name of the Vulnerable Software and Affected Versions Red Hat Quay (affected versions not specified)

Description A flaw exists where the password re-verification prompt for sensitive operations, such as token generation or robot account creation, can be bypassed. This allows a user with a timed-out session or an attacker with access to an idle authenticated browser session to perform privileged actions without providing valid credentials, even if the user interface displays an error for invalid credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.