CVE-2026-28909

Summary

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

Affected Software

VendorProductVersion RangeStatus
ApplemacOS0.12.1 < 0.12.3affected

Weaknesses

  • Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References