{"api_version":"1","generated_at":"2026-06-13T18:49:46+00:00","cve":"CVE-2026-32589","urls":{"html":"https://cve.report/CVE-2026-32589","api":"https://cve.report/api/cve/CVE-2026-32589.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-32589","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-32589"},"summary":{"title":"Mirror-registry: quay: insecure direct object reference in blobupload","description":"A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-04-08 18:25:59","updated_at":"2026-06-09 17:17:03"},"problem_types":["CWE-639","CWE-639 Authorization Bypass Through User-Controlled Key"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:22840","name":"https://access.redhat.com/errata/RHSA-2026:22840","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:21017","name":"https://access.redhat.com/errata/RHSA-2026:21017","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:19375","name":"https://access.redhat.com/errata/RHSA-2026:19375","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:22629","name":"https://access.redhat.com/errata/RHSA-2026:22629","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:23361","name":"https://access.redhat.com/errata/RHSA-2026:23361","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:22465","name":"https://access.redhat.com/errata/RHSA-2026:22465","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-32589","name":"https://access.redhat.com/security/cve/CVE-2026-32589","refsource":"secalert@redhat.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:24853","name":"https://access.redhat.com/errata/RHSA-2026:24853","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446963","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2446963","refsource":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-32589","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32589","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.1","version":"unaffected 1779822261 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.12","version":"unaffected 1779811412 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.14","version":"unaffected 1779689392 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.15","version":"unaffected 1780891395 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.16","version":"unaffected 1779204086 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.17","version":"unaffected 1779922205 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Quay 3.9","version":"unaffected 1779811473 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"mirror registry for Red Hat OpenShift 2","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-03-12T14:43:07.878Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-04-08T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"32589","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"mirror_registry_for_red_hat_openshift","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"32589","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"mirror_registry_for_red_hat_openshift","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"32589","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"quay","cpe6":"3.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"32589","cve":"CVE-2026-32589","epss":"0.000700000","percentile":"0.217530000","score_date":"2026-06-12","updated_at":"2026-06-13 00:07:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-32589","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-08T18:01:21.450628Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-08T18:01:32.402Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","packageName":"quay/quay-rhel8","product":"Red Hat Quay 3.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779822261","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","packageName":"quay/quay-rhel8","product":"Red Hat Quay 3.12","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779811412","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.14::el8"],"defaultStatus":"affected","packageName":"quay/quay-rhel8","product":"Red Hat Quay 3.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779689392","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.15::el8"],"defaultStatus":"affected","packageName":"quay/quay-rhel8","product":"Red Hat Quay 3.15","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1780891395","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","packageName":"quay/quay-rhel9","product":"Red Hat Quay 3.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779204086","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.17::el9"],"defaultStatus":"affected","packageName":"quay/quay-rhel9","product":"Red Hat Quay 3.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779922205","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","packageName":"quay/quay-rhel8","product":"Red Hat Quay 3.9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1779811473","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:mirror_registry:1"],"defaultStatus":"affected","packageName":"openshift/mirror-registry-rhel8","product":"mirror registry for Red Hat OpenShift","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:mirror_registry:2"],"defaultStatus":"unaffected","packageName":"openshift/mirror-registry-rhel8","product":"mirror registry for Red Hat OpenShift 2","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}],"datePublic":"2026-04-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T15:37:49.122Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2026:19375","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"name":"RHSA-2026:21017","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"name":"RHSA-2026:22465","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"name":"RHSA-2026:22629","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"name":"RHSA-2026:22840","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"name":"RHSA-2026:23361","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"name":"RHSA-2026:24853","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-32589"},{"name":"RHBZ#2446963","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446963"}],"timeline":[{"lang":"en","time":"2026-03-12T14:43:07.878Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T00:00:00.000Z","value":"Made public."}],"title":"Mirror-registry: quay: insecure direct object reference in blobupload","x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-639: Authorization Bypass Through User-Controlled Key"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-32589","datePublished":"2026-04-08T17:04:20.284Z","dateReserved":"2026-03-12T14:39:53.657Z","dateUpdated":"2026-06-09T15:37:49.122Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-08 18:25:59","lastModifiedDate":"2026-06-09 17:17:03","problem_types":["CWE-639","CWE-639 Authorization Bypass Through User-Controlled Key"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:*","matchCriteriaId":"63757310-FC5B-44E6-9211-36269827BC56"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:*","matchCriteriaId":"281E6AA4-1E08-488F-BA7A-F0BE7CF42A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1987BDA-0113-4603-B9BE-76647EB043F2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"32589","Ordinal":"1","Title":"Mirror-registry: quay: insecure direct object reference in blobu","CVE":"CVE-2026-32589","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"32589","Ordinal":"1","NoteData":"A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.","Type":"Description","Title":"Mirror-registry: quay: insecure direct object reference in blobu"}]}}}