What is CVE-2026-2376?

CVE-2026-2376 is a medium-severity vulnerability in Red Hat Mirror Registry For Openshift, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 4.9/10. Published 2026-03-12.

How severe is CVE-2026-2376?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Open Redirect in Red Hat Mirror Registry For Openshift

CVE-2026-2376

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automa…

Vulnerability class: Open Redirect

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Red Hat Mirror Registry For Openshift
Red Hat Mirror Registry For Openshift 2
Red Hat Quay 3
Redhat Enterprise_linux — versions 8.0, 9.0
Redhat Mirror_registry
Redhat Quay — versions 3.0.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Vendor Advisory)
secalert@redhat.com (Patch, Issue Tracking)

Frequently asked questions

What is CVE-2026-2376?: CVE-2026-2376 is a medium-severity vulnerability in Red Hat Mirror Registry For Openshift, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 4.9/10. Published 2026-03-12.
How severe is CVE-2026-2376?: Medium severity. CVSS v3 base score is 4.9 out of 10.