5 matches found
CVE-2026-41888
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
EUVD-2026-30341
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
Linux Distros Unpatched Vulnerability : CVE-2026-33540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull- through cache mode, distribution discovers token auth...
DEBIAN-CVE-2026-35172
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...
PT-2026-30630
Distribution versions prior to 3.1.0 are affected by an issue where the software incorrectly handles token authentication endpoints. Specifically, when operating in pull-through cache mode, the software parses WWW-Authenticate challenges from the upstream registry without validating the realm URL...