Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
AnalysisAI
Server-side request forgery (SSRF) in Red Hat Mirror Registry and Red Hat Quay 3.x allows authenticated users to conduct arbitrary requests to internal network resources via a specially crafted URL in the log export feature, potentially exposing sensitive information and compromising internal systems. CVSS 6.5 (medium severity) with confirmed authentication requirement and high confidentiality impact. No active exploitation or public exploit code identified at time of analysis.
Technical ContextAI
The vulnerability exploits improper input validation in the log export functionality of Red Hat Mirror Registry and Red Hat Quay. When an authenticated user provides a maliciously crafted URL parameter to the log export feature, the application's backend processes the request without sufficient server-side validation, allowing the backend to make HTTP requests to attacker-specified destinations. This is a classic Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918 (Server-Side Request Forgery), where the application acts as an unwitting proxy for the attacker. The affected products are Red Hat Mirror Registry for Red Hat OpenShift (all versions), Mirror Registry for Red Hat OpenShift 2.x, and Red Hat Quay 3.x, as identified by multiple CPE strings in the inventory.
RemediationAI
Consult the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-2377 for the specific patched versions available for Mirror Registry and Quay 3.x; apply the recommended patch or upgrade immediately. As an interim control pending patch deployment, restrict access to the log export feature to only trusted administrative users and implement network-level controls (firewall rules, egress filtering) to prevent the affected application backends from reaching sensitive internal services or metadata endpoints. Additionally, audit audit logs for suspicious log export requests with unusual URL parameters targeting internal IP ranges or localhost.
Authenticated remote code execution in Red Hat Quay 3 and Mirror Registry for Red Hat OpenShift arises from unsafe deser
Red Hat Quay's container image upload mechanism allows authenticated users with push privileges to interfere with concur
Server-Side Request Forgery (SSRF) in Red Hat Quay's Proxy Cache configuration allows authenticated organization adminis
OpenShift Mirror Registry leaks valid usernames and email addresses through inconsistent error messages during authentic
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allSame technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20507
GHSA-2c4x-699h-vw5x