Skip to main content

oras-go CVE-2026-50151

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-01 https://github.com/oras-project/oras-go GHSA-jxpm-75mh-9fp7
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.9 MEDIUM

AC:H because the attacker must control or MITM the registry the client uploads to; PR:N/UI:N as no victim privilege or interaction beyond a normal push; C:H for credential leak, I/A:N.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 22:21 vuln.today
CVE Published
Jul 01, 2026 - 21:35 github-advisory
HIGH 7.5

DescriptionGitHub Advisory

Summary

oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials to an attacker-controlled endpoint.

Affected Versions

tested: v2.6.0 (commit 03243809936cce826494b5506f724c6dc11115b1, as-of 2026-01-24) range: unknown; likely affects earlier v2.x releases that include the same upload flow

Impact

Credential leak to an attacker-controlled endpoint and client-side ssrf to a cross-host target.

Affected Component

  • registry/remote/repository.go:878-916 (blobStore.completePushAfterInitialPost)

Reproduction

Attachments include poc.zip with a local-only harness (no real registry required). It runs a fake registry server that returns a cross-host Location and a second server that records whether it received Authorization.

bash
unzip -q -o poc.zip -d /tmp/poc
cd /tmp/poc/poc-F-ORAS-LOCATION-UPLOAD-001
make canonical
make control

Recommended Fix

  • validate Location before uploading (scheme + hostname + effective port) against the original request, or require an explicit opt-in allowlist for cross-host upload urls
  • never forward Authorization when the upload target changes host or scheme

references

  • security policy: https://github.com/oras-project/oras-go/security/policy
  • vulnerable code: registry/remote/repository.go (see blobStore.completePushAfterInitialPost)

AnalysisAI

Credential leakage in oras-go v2 (oras.land/oras-go) lets a malicious or compromised OCI registry steal a client's Authorization credentials by returning a cross-host Location header during monolithic blob upload; oras-go follows the redirect and reuses the original bearer/basic credentials on the PUT to the attacker-controlled host, also yielding client-side SSRF to an arbitrary cross-host target. Any Go application that pushes artifacts using oras-go v2.6.0 (and likely earlier v2.x) is affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker controls or MITMs an OCI registry
Delivery
Victim oras-go client POSTs to start blob upload
Exploit
Registry returns cross-host attacker Location
Execution
Client PUTs to attacker host reusing Authorization
Impact
Credentials and blob captured, token replayed

Vulnerability AssessmentAI

Exploitation Requires the victim's oras-go v2 client to perform a monolithic blob upload (push) where the responding registry is attacker-controlled, compromised, or on-path (MITM), because the malicious Location header returned to the POST is the exploitation primitive. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately but not uniformly high. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker stands up (or compromises, or MITMs) an OCI registry and waits for a victim tool built on oras-go to push an artifact; the registry accepts the initial POST and returns a Location header pointing at an attacker-controlled host. oras-go follows that cross-host URL and replays the caller's Authorization credentials on the PUT, delivering the bearer/basic token - and the blob payload - to the attacker, who can then reuse the token against the legitimate registry. …
Remediation Vendor-released patch: v2.6.1 - upgrade the oras.land/oras-go/v2 dependency to v2.6.1 or later (go get oras.land/oras-go/v2@v2.6.1 and rebuild), per GHSA-jxpm-75mh-9fp7, PR https://github.com/oras-project/oras-go/pull/1152, and commit https://github.com/oras-project/oras-go/commit/4683c46ef078091544f5f55fd25102f002806991. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all services and applications using oras-go v2.6.0 or earlier versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2026-33309 CRITICAL POC
9.9 Mar 19

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar

CVE-2019-7304 CRITICAL POC
9.8 Apr 23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra

CVE-2026-33186 CRITICAL POC
9.1 Mar 18

An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT

CVE-2026-50180 HIGH POC
8.7 Jul 02

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2020-13822 HIGH POC
7.7 Jun 04

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte

CVE-2026-29181 HIGH POC
7.5 Apr 07

Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se

CVE-2019-7303 HIGH POC
7.5 Apr 23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char

CVE-2014-4699 MEDIUM POC
6.9 Jul 09

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved

CVE-2017-7725 MEDIUM POC
6.1 Apr 13

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca

CVE-2026-48816 MEDIUM POC
6.5 Jul 01

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w

Share

CVE-2026-50151 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy