Redhat Quay
7 CVEs affecting Redhat Quay. Latest disclosed: 2026-04-22. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2026-32589 | High | 7.4 | 2026-04-08 | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with… |
CVE-2026-32590 | High | 7.1 | 2026-04-08 | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a for… |
CVE-2026-2377 | Medium | 6.5 | 2026-04-08 | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the… |
CVE-2026-6848 | Medium | 5.4 | 2026-04-22 | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creat… |
CVE-2026-32591 | Medium | 5.2 | 2026-04-08 | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Qua… |
CVE-2026-2376 | Medium | 4.9 | 2026-03-12 | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing mali… |