FKIE_CVE-2026-32589

Vulnerability from fkie_nvd - Published: 2026-04-08 18:25 - Updated: 2026-07-01 13:17
Summary
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:19375
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:21017
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:22465
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:22629
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:22840
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:23361
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:24853
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:28441
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2026-32589Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2446963Issue Tracking, Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:19375
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:21017
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22465
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22629
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:22840
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:23361
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:24853
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/errata/RHSA-2026:28441
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://access.redhat.com/security/cve/CVE-2026-32589Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://bugzilla.redhat.com/show_bug.cgi?id=2446963Issue Tracking, Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46chttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32589.json

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:mirror_registry:2.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift/mirror-registry-rhel8",
          "product": "mirror registry for Red Hat OpenShift 2.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782177012",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.10::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel8",
          "product": "Red Hat Quay 3.10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779822261",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel8",
          "product": "Red Hat Quay 3.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779811412",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel8",
          "product": "Red Hat Quay 3.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779689392",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel8",
          "product": "Red Hat Quay 3.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780891395",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel9",
          "product": "Red Hat Quay 3.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779204086",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel9",
          "product": "Red Hat Quay 3.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779922205",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:quay:3.9::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-rhel8",
          "product": "Red Hat Quay 3.9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779811473",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:mirror_registry:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift/mirror-registry-rhel8",
          "product": "mirror registry for Red Hat OpenShift",
          "vendor": "Red Hat"
        }
      ],
      "source": "secalert@redhat.com"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.10::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.10",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.12::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.12",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.14::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.14",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.15::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.15",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.16::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.16",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.17::el9"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.17",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:quay:3.9::el8"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Quay 3.9",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:mirror_registry:2.0::el8"
          ],
          "defaultStatus": "affected",
          "product": "mirror registry for Red Hat OpenShift 2.0",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:mirror_registry:1"
          ],
          "defaultStatus": "affected",
          "product": "mirror registry for Red Hat OpenShift",
          "vendor": "Red Hat"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63757310-FC5B-44E6-9211-36269827BC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "281E6AA4-1E08-488F-BA7A-F0BE7CF42A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload."
    }
  ],
  "id": "CVE-2026-32589",
  "lastModified": "2026-07-01T13:17:03.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 3.7,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 3.7,
        "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-32589",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-04-08T18:01:21.450628Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-04-08T18:25:59.790",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:19375"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:21017"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:22465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:22629"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:22840"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:23361"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:24853"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:28441"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:19375"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:21017"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22465"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22629"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:22840"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:23361"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:24853"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:28441"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32589.json"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…