CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...