Impact
The vulnerability allows a deleted container artifact to become readable again. When a blob is removed in a repository that has both delete operations enabled and a Redis cache for blob descriptors enabled, the shared digest descriptor is cleared but the repository-specific membership information is left in the cache. A later request for the same artifact from the same or another repository causes the cached descriptor to be repopulated, giving clients read access to a blob that was intended to be permanently deleted. This results in unauthorized exposure of data that should have been purged, violating both the confidentiality and the integrity of the repository.
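A constructed Go model of the cache interaction described above, added here as an illustration and not Distribution's own code: a shared digest-to-descriptor map, per-repository membership sets, and a backend from which a cleared descriptor is repopulated, with the flawed delete path beside one that also drops the repository's membership entry. That the blob data remains in the backend after delete (pending garbage collection) is an assumption of this model.

```go
package main

// Descriptor is the metadata a registry caches per blob digest.
type Descriptor struct{ Size int64 }

// BlobCache is a constructed, simplified model (not distribution's own code) of a
// Redis-style descriptor cache: one shared digest->descriptor map plus a
// per-repository membership set, in front of a content-addressable backend whose
// blob data remains until garbage collection (an assumption of this model).
type BlobCache struct {
	shared  map[string]Descriptor
	members map[string]map[string]bool // repo -> digest -> linked
	backend map[string]Descriptor
}

func NewBlobCache(backend map[string]Descriptor) *BlobCache {
	return &BlobCache{shared: map[string]Descriptor{}, members: map[string]map[string]bool{}, backend: backend}
}

// Link records that repo references digest and caches its descriptor.
func (c *BlobCache) Link(repo, digest string) {
	if c.members[repo] == nil {
		c.members[repo] = map[string]bool{}
	}
	c.members[repo][digest] = true
	c.shared[digest] = c.backend[digest]
}

// Stat is the repository-scoped lookup: membership is consulted first, and a
// missing shared descriptor is repopulated from the backend.
func (c *BlobCache) Stat(repo, digest string) (Descriptor, bool) {
	if !c.members[repo][digest] {
		return Descriptor{}, false
	}
	d, ok := c.shared[digest]
	if !ok { // descriptor was cleared: repopulate from the still-present blob
		d = c.backend[digest]
		c.shared[digest] = d
	}
	return d, true
}

// Delete models the blob delete. unlink=false is the flawed path (only the shared
// descriptor is cleared, membership goes stale); unlink=true also drops membership.
func (c *BlobCache) Delete(repo, digest string, unlink bool) {
	delete(c.shared, digest)
	if unlink {
		delete(c.members[repo], digest)
	}
}
```

With unlink=false, a Stat after Delete still succeeds because the stale membership entry triggers repopulation; with unlink=true the same lookup reports the blob as unknown.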
Affected Systems
All instances of Docker Distribution earlier than version 3.1.0 that are configured with storage.delete.enabled set to true and which use Redis for blob descriptor caching are affected. The vulnerability does not impact installations that do not enable the delete feature or do not use Redis for descriptor caching.
Risk and Exploitability
The CVSS score of 7.5 indicates a high-impact vulnerability, but the EPSS score of less than 1% suggests that exploitation in the wild is unlikely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred from the description: an attacker who is authorized to delete blobs must then request the same blob again, from the same or a different repository, to trigger the cache repopulation. Exploitation therefore requires authenticated access with delete privileges or a compromised account. Once this occurs, the deleted artifact is temporarily resurrected until the Redis cache is refreshed, giving the attacker a narrow window of read access to content that was supposed to be removed.
Sources: OpenCVE Enrichment, GitHub GHSA