CVE-2026-48978 oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating the scheme or host, allowing a malicious or compromised registry to cause SSRF to internal networks such as...