CVE-2026-32589

EUVD-2026-20513
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
redhatmirror_registry_for_red_hat_openshift
-
redhatmirror_registry_for_red_hat_openshift
2.0
redhatquay
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/security/cve/CVE-2026-32589
https://bugzilla.redhat.com/show_bug.cgi?id=2446963