Skip to main content

Docker Distribution Registry CVE-2026-41888

| EUVDEUVD-2026-30341 MEDIUM
Incorrect Authorization (CWE-863)
2026-05-04 https://github.com/distribution/distribution GHSA-6pjf-3r9x-m592
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Red Hat
6.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
May 14, 2026 - 18:22 NVD
6.3 (MEDIUM)
Source Code Evidence Fetched
May 04, 2026 - 21:30 vuln.today
Analysis Generated
May 04, 2026 - 21:30 vuln.today

DescriptionGitHub Advisory

Summary

Tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion.

Details

When storage.delete.enabled is configured to false, digest-based manifest deletion is correctly rejected by the guard in registry/storage/linkedblobstore.go:212-215.

However, tag deletion takes a separate code path that never checks this setting:

In registry/handlers/manifests.go:439-453, DeleteManifest detects a tag reference, calls tagService.Untag(), returns, never consulting registry.deleteEnabled.

In turn, tagStore.Untag() calls the storage driver directly to delete the tag path without checking whether deletes are enabled.

PoC

Using a paired down Distribution configuration that explicitly disables deletes, such as this one, stored as config.yaml:

yaml
version: 0.1
storage:
  delete:
    enabled: false
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000

Start a local Distribution, mounting in the above configuration from the current directory:

shell
docker run -p 5000:5000 -v "$(pwd)/config.yaml":/config.yaml --restart=always --name registry registry:3.1.0 /config.yaml

In a separate terminal session/tab, push alpine:3.23 into the running instance:

shell
docker pull alpine:3.23
docker tag alpine:3.23 localhost:5000/alpine:3.23
docker push localhost:5000/alpine:3.23

Confirm that the tag shows up as expected:

shell
curl 'http://localhost:5000/v2/alpine/tags/list'
{"name":"alpine","tags":["3.23"]}

Issue a delete for the 3.23 tag:

shell
curl -X DELETE 'http://localhost:5000/v2/alpine/manifests/3.23'

Observe that the tag is now gone, despite deletes being disabled:

shell
curl 'http://localhost:5000/v2/alpine/tags/list'
{"name":"alpine","tags":null}

Impact

This is an authorization bypass vulnerability. Any client with network access to the registry can delete tags despite the operator having disabled deletion. This can cause denial of service for consumers pulling by tag and enables supply-chain disruption by removing trusted tags from a registry that the operator and/or users believed to be immutable.

AnalysisAI

Authorization bypass in Docker Distribution Registry allows remote clients to delete image tags via the DELETE /v2/<name>/manifests/<tag> endpoint even when the operator has explicitly configured storage.delete.enabled: false. The tag deletion code path in registry/handlers/manifests.go bypasses the deletion authorization check present in digest-based manifest deletion, enabling attackers with network access to cause denial of service by removing tags and disrupting supply chain integrity of registries intended to be immutable.

Technical ContextAI

Docker Distribution Registry is the reference implementation of the Docker Registry HTTP API V2 specification used for storing and distributing container images. The vulnerability exists in the manifest deletion handler, which branches on whether a deletion request targets a tag (e.g., 3.23) or a digest (sha256:xxx). When a tag is provided, the code calls tagService.Untag() which directly invokes the storage driver's delete operation without checking the registry.deleteEnabled flag. Conversely, digest-based deletion correctly enforces the storage.delete.enabled configuration via guards in registry/storage/linkedblobstore.go. This inconsistency between two code paths handling the same logical operation (manifest removal) represents a classic authorization bypass due to incomplete control coverage across all entry points. CWE-863 (Incorrect Authorization) characterizes this failure to properly enforce a security policy that should apply uniformly.

RemediationAI

For Distribution v3.x: upgrade immediately to version 3.1.1 or later. For Distribution v2.x: no upstream patch is available; operators must upgrade to the v3.x line (minimum v3.1.1) to obtain the fix, or implement network-level compensating controls such as rate-limiting DELETE requests to the /v2/*/manifests/* endpoint, restricting DELETE method access to trusted clients via reverse proxy rules (e.g., nginx location rules blocking DELETE except from internal networks), or disabling the HTTP DELETE method entirely at the reverse proxy layer if tag deletion is not required. Note that proxy-level controls do not address the underlying authorization flaw but provide defense-in-depth until upgrade is possible. Document this vulnerability in your infrastructure risk register if operating v2.x, as no in-place remediation exists.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected

Share

CVE-2026-41888 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy