CVE-2026-32589
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry
CVSS
7.4
Alto
EPSS
0.2%
p15
KEV
—
Exploit Today
5
0-100
Publicado: 8 abr 2026 · Última mod.: 18 jul 2026 · CWE-639
0.2%EPSS · 30 días0.2%
2026-06-302026-07-18
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19375
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21017
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22465
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22629
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22840
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23361
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24853
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:28441
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-32589
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2446963
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19375
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21017
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22465
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22629
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:22840
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23361
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24853
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:28441
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-32589
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2446963
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-552558.4 ALT42.8%
KEV—63Langflow Authorization Bypass Through User-Controlled Key Vulnerability11dCVE-2021-464168.1 ALT89.9%
——27Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.6dCVE-2022-289867.5 ALT80.9%
——24LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.11dCVE-2020-234465.3 MED65.5%
——20Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API11dCVE-2021-33806.5 MED61.5%
——18Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.11dCVE-2022-362029.8 CRÍ51.5%
——15Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.11d