CVE-2026-28909
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apple | macOS | 0.12.1 < 0.12.3 | affected |
Weaknesses
- Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.