Auth bypass in Distribution

CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.003 (24.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References