Description
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials.
Published: 2026-04-22
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication bypass that permits privileged actions without valid credentials
Action: Assess Impact
AI Analysis

Impact

A flaw in Red Hat Quay allows a user with a timed-out or idle authenticated session to bypass the re-authentication prompt required for sensitive operations such as token generation or robot account creation. The vulnerability enables the execution of privileged actions without supplying a valid password, even though the user interface displays an error for invalid credentials. This represents an authentication bypass weakness (CWE-613) that can grant unauthorized access to critical administrative functions.

Affected Systems

Red Hat Quay (version 3). No specific sub-versions are listed, so all installations of Quay 3 are considered potentially affected.

Risk and Exploitability

The CVSS score of 5.4 indicates a medium-severity vulnerability, and the EPSS score is not available. It is not listed in the CISA KEV catalog. The likely attack vector involves an idle authenticated browser session or a session that has timed out. An attacker exploiting this flaw can perform privileged operations without presenting valid credentials, potentially allowing unauthorized creation of tokens or robot accounts, thereby escalating privileges or compromising downstream services.

Generated by OpenCVE AI on April 22, 2026 at 10:22 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the latest Red Hat Quay security update that addresses the re-authentication bypass as soon as it is released.
  • Configure Quay to enforce strict session expirations and require re-authentication for every privileged operation; enable any available settings that block idle sessions from performing sensitive actions.
  • Limit token generation and robot account creation to a restricted administrator role and monitor for anomalous activity to detect potential abuse.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

Metrics
  Values Removed: (none)
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 12:15:00 +0000

First Time appeared
  Values Added: Redhat quay 3
Vendors & Products
  Values Added: Redhat quay 3
References
Metrics
  Values Removed: threat_severity None
  Values Added: threat_severity Moderate


Wed, 22 Apr 2026 09:45:00 +0000

Description
  Values Added: A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials.
Title
  Values Added: Quay: red hat quay: authentication bypass allows privileged actions without valid credentials
First Time appeared
  Values Added: Redhat; Redhat quay
Weaknesses
  Values Added: CWE-613
CPEs
  Values Added: cpe:/a:redhat:quay:3
Vendors & Products
  Values Added: Redhat; Redhat quay
References
Metrics
  Values Added: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T12:55:24.902Z

Reserved: 2026-04-22T08:54:17.842Z

Link: CVE-2026-6848

Vulnrichment

Updated: 2026-04-22T12:55:21.648Z

NVD

Status: Received

Published: 2026-04-22T10:16:52.347

Modified: 2026-04-22T10:16:52.347

Link: CVE-2026-6848

Redhat

Severity: Moderate

Public Date: 2026-04-10T00:00:00Z

Links: CVE-2026-6848 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T11:43:43Z

Weaknesses