CVE-2026-10052 - Vulnerability Details

- Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints

Description

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.

Published: 2026-05-29

Score: 4.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw exists in Quay's config-tool LDAP and SMTP validation functions that allows an attacker with configuration‑editor privileges to cause the tool to make outbound connections to arbitrary endpoints without filtering the target IP or hostname. The lack of host or IP validation effectively creates a server‑side request forgery (SSRF) that can be leveraged to probe internal network services, disclose server addresses, and map the internal infrastructure. The vulnerability results in a moderate breach of confidentiality and network visibility but does not directly grant code execution.

Affected Systems

The affected system is Red Hat Quay version 3. No additional specific version details are provided beyond the product identifier.

Risk and Exploitability

The CVSS score of 4.1 indicates a moderate risk. An attacker must already possess configuration‑editor rights, which typically implies elevated access within the environment. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known mass exploitation. The most likely attack vector is an insider or compromised account with config‑editor privileges initiating a malicious or misconfigured LDAP/SMTP validation request to a crafted internal endpoint, enabling internal network reconnaissance from the Quay pod's network position.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor	Product	Default status	Versions
Red Hat	Red Hat Quay 3	affected	—
Red Hat	Red Hat Quay 3	affected	—

No data.

Vendor Product Confidence Versions

Redhat

Quay

95%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to the latest Red Hat Quay release that includes the config‑tool fix following the vendor advisory
Apply the vendor‑issued security patch or configuration fix for Quay/config‑tool
If a patch cannot be applied immediately, restrict the set of users who have configuration‑editor permissions to a trusted subset
Configure network policies or firewall rules to block unintended outbound connections from the Quay pod, minimizing SSRF exposure
Implement strict host or IP validation in the LDAP and SMTP validation routines to prevent connections to untrusted endpoints

Generated by OpenCVE AI on May 29, 2026 at 10:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-10052
https://bugzilla.redhat.com/show_bug.cgi?id=2483157

History

Fri, 29 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 29 May 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.
Title		Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints
First Time appeared		Redhat Redhat quay
Weaknesses		CWE-918
CPEs		cpe:/a:redhat:quay:3
Vendors & Products		Redhat Redhat quay
References		https://access.redhat.com/security/cve/CVE-2026-10052 https://bugzilla.redhat.com/show_bug.cgi?id=2483157
Metrics		cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N'}`

Subscriptions

Redhat Quay

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-05-29T07:59:20.353Z

Updated: 2026-05-29T16:23:34.539Z

Reserved: 2026-05-29T07:31:54.325Z

Link: CVE-2026-10052

Vulnrichment

Updated: 2026-05-29T16:23:28.492Z

NVD

Status : Awaiting Analysis

Published: 2026-05-29T09:16:17.003

Modified: 2026-05-29T14:06:47.240

Link: CVE-2026-10052

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T14:30:36Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object