CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality

🗓️ 08 Apr 2026 16:26:07Reported by redhatType

Authenticated users can exploit log export to trigger server side request forgery in mirror-registry.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-2377	8 Apr 202616:26	–	attackerkb
Circl	CVE-2026-2377	8 Apr 202618:36	–	circl
CNNVD	Red Hat OpenShift Mirror Registry 代码问题漏洞	8 Apr 202600:00	–	cnnvd
CVE	CVE-2026-2377	8 Apr 202616:26	–	cve
EUVD	EUVD-2026-20507	8 Apr 202618:34	–	euvd
NVD	CVE-2026-2377	8 Apr 202617:21	–	nvd
Positive Technologies	PT-2026-31330	8 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2377	8 Apr 202616:26	–	redhatcve
RedHat Linux	Important: Red Hat Security Advisory: Red Hat Quay 3.16.4	19 May 202621:01	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat Quay 3.14.8	26 May 202617:12	–	redhat

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.1",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1779822261",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.10::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.12",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1779811412",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.12::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.14",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1779689392",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.15",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1780891395",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.15::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.16",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1779204086",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.16::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Quay 3.9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "quay/quay-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1779811473",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quay:3.9::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "mirror registry for Red Hat OpenShift",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift/mirror-registry-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:mirror_registry:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "mirror registry for Red Hat OpenShift 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift/mirror-registry-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:mirror_registry:2"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2026:22629
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:22840
access	www.access.redhat.com/errata/RHSA-2026:21017
access	www.access.redhat.com/security/cve/CVE-2026-2377
access	www.access.redhat.com/errata/RHSA-2026:23361
access	www.access.redhat.com/errata/RHSA-2026:24853
access	www.access.redhat.com/errata/RHSA-2026:19375

09 Jun 2026 15:38Current

CVSS 3.16.5

EPSS0.00025

CWE-918