Skip to main content

Red Hat EUVD-2026-20515

| CVE-2026-32590 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-04-08 redhat GHSA-mvqc-wfv6-7764
Red Hat Deserialization RCE
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Red Hat
7.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 21, 2026 - 23:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 08, 2026 - 18:16 euvd
EUVD-2026-20515
Analysis Generated
Apr 08, 2026 - 18:16 vuln.today
CVE Published
Apr 08, 2026 - 17:04 nvd
HIGH 7.1

DescriptionCVE.org

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

AnalysisAI

Arbitrary code execution in Red Hat Quay via unsafe deserialization during resumable container image uploads affects multiple Quay 3.x deployments and Mirror Registry instances. An authenticated attacker with low privileges can tamper with intermediate upload data stored in the database to execute code on the Quay server, though exploitation requires high attack complexity and user interaction (CVSS 7.1). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Quay registry
Delivery
Initiate resumable layer upload
Exploit
Tamper with intermediate upload data in database
Execution
Deserialize malicious serialized object
Impact
Execute arbitrary code on server
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires authenticated user account on Red Hat Quay with push permissions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate despite the critical RCE impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated developer with container push permissions to a corporate Red Hat Quay registry initiates a resumable upload of a malicious container layer. During the chunked upload process, the attacker intercepts and modifies the intermediate upload state stored in Quay's database, injecting a serialized payload crafted to execute system commands when deserialized. …
Remediation Organizations should immediately consult the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-32590 and the Bugzilla tracking issue at https://bugzilla.redhat.com/show_bug.cgi?id=2446964 for patch availability and specific fixed versions. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Red Hat Quay 3.x and Mirror Registry deployments; restrict upload permissions to highly trusted users only and enable detailed audit logging of upload activities. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

EUVD-2026-20515 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy