Description
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.

When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
Published: 2026-03-12
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Apply patch
AI Analysis

Impact

This vulnerability allows an authenticated user to supply arbitrary URLs to the mirror‑registry service. During processing the service follows redirects without validating the ultimate destination, enabling the attacker to force the system to reach internal or otherwise restricted resources. This can lead to unauthorized data exposure or other exploitation of internal systems.

Affected Systems

Affected products are Red Hat Quay 3 and the mirror registry for Red Hat OpenShift (versions 1 and 2). All instances of these components that have not been updated to the patched release are vulnerable.

Risk and Exploitability

The CVSS score of 4.9 indicates modest severity, and the EPSS score is below 1%, implying a low likelihood of exploitation in the wild. The vulnerability is not listed in the KEV catalog. Exploitation requires a user who can authenticate to the affected application and supply a crafted redirect URL; the application then forwards the request to internal hosts. There are no external dependencies beyond legitimate authentication.

Generated by OpenCVE AI on April 16, 2026 at 02:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Red Hat Quay 3 and the mirror registry for Red Hat OpenShift to versions that contain the fix for the SSRF issue.
  • If an upgrade cannot be performed immediately, disable or restrict the internal usage of redirect URLs by configuring the application to reject redirects to external or unknown hosts.
  • Apply network segmentation or firewall rules to block outbound traffic from the mirror‑registry service to internal addresses that are not intended to be reachable.

Generated by OpenCVE AI on April 16, 2026 at 02:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
Title mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface
First Time appeared Redhat
Redhat mirror Registry
Redhat quay
CPEs cpe:/a:redhat:mirror_registry:1
cpe:/a:redhat:mirror_registry:2
cpe:/a:redhat:quay:3
Vendors & Products Redhat
Redhat mirror Registry
Redhat quay
References

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Mirror-registry
Mirror-registry quay
Vendors & Products Mirror-registry
Mirror-registry quay

Wed, 04 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface
Weaknesses CWE-601
References
Metrics threat_severity

None

 cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}

threat_severity

Moderate

Subscriptions

Mirror-registry Quay
Redhat Mirror Registry Quay
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-12T20:46:18.921Z

Reserved: 2026-02-11T20:57:36.825Z

Link: CVE-2026-2376

cve-icon Vulnrichment

Updated: 2026-03-12T20:43:37.921Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T19:16:16.200

Modified: 2026-03-12T21:16:25.780

Link: CVE-2026-2376

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-03T19:28:15Z

Links: CVE-2026-2376 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:00:09Z

Weaknesses