10 matches found

NVD
added 2026/04/30 11:16 p.m., 2 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

6.5 CVSS, 0.00039 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/04/30 10:0 p.m., 1 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

5.3 AI score, 0.00039 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2026/04/30 10:0 p.m., 4 views

CVE-2026-28909

CVE-2026-28909 affects a container runtime where connecting to malicious registries using hostnames that match bypass patterns can expose registry credentials in plaintext. The issue is mitigated by upgrading to container version 0.12.3. The available sources confirm the vulnerability description...

6.5 CVSS, 5.3 AI score, 0.00039 EPSS
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/04/30 10:0 p.m., 3 views

EUVD-2026-26452

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

5.3 AI score, 0.00039 EPSS
Exploits 0, References 1
Cvelist
added 2026/04/30 10:0 p.m., 24 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

0.00039 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/04/30 10:0 p.m., 1 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

5.8 AI score, 0.00039 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/04/30 12:0 a.m., 1 views

PT-2026-36209

Name of the Vulnerable Software and Affected Versions: container versions prior to 0.12.3. Description: Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. Recommendations: Update to version 0.12.3...

6.5 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits 0, References 5
Veracode
added 2025/03/17 5:53 p.m., 9 views

Improper Authentication

Ratify is vulnerable to Improper Authentication. The Azure authentication providers do not sufficiently validate the registry: they fail to verify that the target registry is an Azure Container Registry (ACR) before exchanging an Entra ID (EID) token, potentially exposing token...

7.2 CVSS, 6.8 AI score, 0.00234 EPSS
Exploits 0, References 4, Affected Software 2
Vulnrichment
added 2024/05/20 8:36 p.m., 21 views

CVE-2024-35192: Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Contain...

5.5 CVSS, 5.3 AI score, 0.00051 EPSS
Exploits 0, References 2
OSV
added 2024/05/20 8:36 p.m., 23 views

GHSA-XCQ4-M2R3-CMRJ: Trivy possibly leaks registry credential when scanning images from malicious registries

Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registr...

5.5 CVSS, 5.5 AI score, 0.00051 EPSS
Exploits 0, References 4