CVE-2026-2376

Name: CVE-2026-2376 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-2376

MEDIUM

CVSS v3.1: 4.9 · EPSS: 0.0004 (11.4 percentile)

NetworkNo user interaction

Source data as of: 2026-06-03 05:00:11 UTC

At a glance

Severity: MEDIUM
CVSS: 4.9 v3.1 · NVD
EPSS: 0.0004 (11.4 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): NetworkNo user interaction · Source: NVD Vector
Affected vendors: redhat
Published: 2026-03-12 · Modified: 2026-06-02
References: Jump to references (3)

CVSS / EPSS / KEV

CVSS v3.1 4.9 / 10 MEDIUM Source: NVD

EPSS 0.0004 11.4 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

Record details

CVE ID: CVE-2026-2376
CVSS (v3.1): 4.9 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability subscore: 1.8
Impact subscore: 2.7
EPSS: 0.0004 (11.4 percentile) — 2026-06-03
CISA KEV: No
Weakness (CWE): CWE-601
Affected vendors: redhat
Affected configurations (CPE): 2
Published: 2026-03-12
Modified: 2026-06-02
Status: Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Distro https://access.redhat.com/security/cve/CVE-2026-2376
Distro https://bugzilla.redhat.com/show_bug.cgi?id=2439117
Reference https://github.com/quay/quay/pull/5074

← Back to all records

CVE-2026-2376

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year