CVE-2026-32590

Summary

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

Affected Software

VendorProductVersion RangeStatus
Red Hatmirror registry for Red Hat OpenShift 2.01782177012 < *unaffected
Red HatRed Hat Quay 3.101779822261 < *unaffected
Red HatRed Hat Quay 3.121779811412 < *unaffected
Red HatRed Hat Quay 3.141779689392 < *unaffected
Red HatRed Hat Quay 3.151780891395 < *unaffected
Red HatRed Hat Quay 3.161779204086 < *unaffected
Red HatRed Hat Quay 3.171779922205 < *unaffected
Red HatRed Hat Quay 3.171780604033 < *unaffected
Red HatRed Hat Quay 3.91779811473 < *unaffected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References