Description
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
Published: 2026-04-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Users who connect to malicious registries whose hostnames match certain bypass patterns will have their registry credentials exposed in plaintext. This flaw allows an attacker to obtain sensitive authentication information simply by directing a user to a registry that satisfies those patterns. The likely attack vector is the use of a malicious or compromised registry that mimics known bypass hostnames, causing the container client to convey credentials without encryption or proper validation.

Affected Systems

Apple Container on macOS is affected in versions older than 0.12.3. The issue is resolved in container 0.12.3, so any deployment running an earlier version could be compromised if it connects to a registry that triggers the bypass rule.

Risk and Exploitability

Because the exposed credentials appear in plaintext, a malicious registry can capture and reuse them for unauthorized access to other resources. The CVSS score of 6.5 indicates medium severity. The EPSS score is less than 1%, suggesting that exploitation is currently unlikely but not impossible. The vulnerability is not listed in CISA's KEV catalog, but the potential for credential theft remains high due to the ease of providing a hostname that matches the bypass pattern.

Generated by OpenCVE AI on May 2, 2026 at 08:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Apple Container to version 0.12.3 or later to eliminate the exposed credential issue.
  • Restrict outbound registry traffic to known, trusted hostnames and block or filter connections to any registry whose hostname conforms to the bypass pattern.
  • Continuously monitor authentication logs for anomalous credential transmissions and ensure that all registry interactions require secure authentication mechanisms.


Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Title Plaintext Exposure of Registry Credentials via Hostname Bypass in Apple Container
Weaknesses CWE-198
CWE-200

Fri, 01 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-522
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 05:15:00 +0000

Type Values Removed Values Added
Title Plaintext Exposure of Registry Credentials via Hostname Bypass in Apple Container
Weaknesses CWE-198
CWE-200

Fri, 01 May 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 30 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Description Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-01T13:57:11.662Z

Reserved: 2026-03-03T16:36:03.984Z

Link: CVE-2026-28909

Vulnrichment

Updated: 2026-05-01T13:55:30.552Z

NVD

Status: Awaiting Analysis

Published: 2026-04-30T23:16:20.437

Modified: 2026-05-01T15:26:51.053

Link: CVE-2026-28909

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses