{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2377","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2026-02-11T20:57:59.704Z","datePublished":"2026-04-08T16:26:07.649Z","dateUpdated":"2026-07-01T12:04:54.901Z"},"containers":{"cna":{"title":"Mirror-registry: quay: quay: server-side request forgery via log export functionality","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information."}],"affected":[{"vendor":"Red Hat","product":"Red Hat Quay 3.10","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779822261","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779811412","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.14","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779689392","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.14::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.15","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1780891395","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.15::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.16","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","defaultStatus":"affected","versions":[{"version":"1779204086","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779811473","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift/mirror-registry-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:mirror_registry:1"]},{"vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift/mirror-registry-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:mirror_registry:2"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19375","name":"RHSA-2026:19375","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:21017","name":"RHSA-2026:21017","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22629","name":"RHSA-2026:22629","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22840","name":"RHSA-2026:22840","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:23361","name":"RHSA-2026:23361","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:24853","name":"RHSA-2026:24853","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-2377","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439201","name":"RHBZ#2439201","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2026-04-08T16:18:10.324Z","problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-918: Server-Side Request Forgery (SSRF)","timeline":[{"lang":"en","time":"2026-02-11T21:02:44.495Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T16:18:10.324Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-07-01T00:07:53.292Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-08T18:42:52.638708Z","id":"CVE-2026-2377","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-08T18:43:00.505Z"}},{"affected":[{"cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.14::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.15::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:1"],"defaultStatus":"affected","product":"mirror registry for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:2"],"defaultStatus":"affected","product":"mirror registry for Red Hat OpenShift 2","vendor":"Red Hat"}],"datePublic":"2026-04-08T16:18:10.324Z","descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"Server-Side Request Forgery (SSRF)","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-2377"},{"name":"RHBZ#2439201","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439201"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2377.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"solutions":[{"lang":"en","value":"RHSA-2026:22840: Red Hat Quay 3.10"},{"lang":"en","value":"RHSA-2026:22629: Red Hat Quay 3.12"},{"lang":"en","value":"RHSA-2026:21017: Red Hat Quay 3.14"},{"lang":"en","value":"RHSA-2026:24853: Red Hat Quay 3.15"},{"lang":"en","value":"RHSA-2026:19375: Red Hat Quay 3.16"},{"lang":"en","value":"RHSA-2026:23361: Red Hat Quay 3.9"}],"timeline":[{"lang":"en","time":"2026-02-11T21:02:44.495Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T16:18:10.324Z","value":"Made public."}],"title":"mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-01T12:04:54.901Z"}}]}}