{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-32589","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2026-03-12T14:39:53.657Z","datePublished":"2026-04-08T17:04:20.284Z","dateUpdated":"2026-07-01T12:04:50.676Z"},"containers":{"cna":{"title":"Mirror-registry: quay: insecure direct object reference in blobupload","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload."}],"affected":[{"vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift 2.0","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift/mirror-registry-rhel8","defaultStatus":"affected","versions":[{"version":"1782177012","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:mirror_registry:2.0::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779822261","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779811412","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.14","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779689392","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.14::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.15","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1780891395","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.15::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.16","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","defaultStatus":"affected","versions":[{"version":"1779204086","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.17","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","defaultStatus":"affected","versions":[{"version":"1779922205","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.17::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","defaultStatus":"affected","versions":[{"version":"1779811473","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift/mirror-registry-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:mirror_registry:1"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19375","name":"RHSA-2026:19375","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:21017","name":"RHSA-2026:21017","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22465","name":"RHSA-2026:22465","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22629","name":"RHSA-2026:22629","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22840","name":"RHSA-2026:22840","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:23361","name":"RHSA-2026:23361","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:24853","name":"RHSA-2026:24853","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:28441","name":"RHSA-2026:28441","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-32589","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446963","name":"RHBZ#2446963","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2026-04-08T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-639: Authorization Bypass Through User-Controlled Key","timeline":[{"lang":"en","time":"2026-03-12T14:43:07.878Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T00:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-07-01T00:09:19.041Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-08T18:01:21.450628Z","id":"CVE-2026-32589","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-08T18:01:32.402Z"}},{"affected":[{"cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.14::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.15::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.17::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.17","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:2.0::el8"],"defaultStatus":"affected","product":"mirror registry for Red Hat OpenShift 2.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:1"],"defaultStatus":"affected","product":"mirror registry for Red Hat OpenShift","vendor":"Red Hat"}],"datePublic":"2026-04-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-32589"},{"name":"RHBZ#2446963","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446963"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32589.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28441"}],"solutions":[{"lang":"en","value":"RHSA-2026:22840: Red Hat Quay 3.10"},{"lang":"en","value":"RHSA-2026:22629: Red Hat Quay 3.12"},{"lang":"en","value":"RHSA-2026:21017: Red Hat Quay 3.14"},{"lang":"en","value":"RHSA-2026:24853: Red Hat Quay 3.15"},{"lang":"en","value":"RHSA-2026:19375: Red Hat Quay 3.16"},{"lang":"en","value":"RHSA-2026:22465: Red Hat Quay 3.17"},{"lang":"en","value":"RHSA-2026:23361: Red Hat Quay 3.9"},{"lang":"en","value":"RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"}],"timeline":[{"lang":"en","time":"2026-03-12T14:43:07.878Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T00:00:00.000Z","value":"Made public."}],"title":"mirror-registry: quay: insecure direct object reference in BlobUpload","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-01T12:04:50.676Z"}}]}}