This page lists publicly disclosed CVE vulnerabilities affecting redhat quay (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-6848 | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displayin | [email protected] | 5.4 | 0.26% | 2026-04-22 | 2026-06-17 |
| CVE-2026-32591 | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources | [email protected] | 5.2 | 0.24% | 2026-04-08 | 2026-06-17 |
| CVE-2026-32590 | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server. | [email protected] | 7.1 | 0.41% | 2026-04-08 | 2026-06-17 |
| CVE-2026-32589 | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload. | [email protected] | 7.4 | 0.24% | 2026-04-08 | 2026-06-17 |
| CVE-2026-2377 | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems. | [email protected] | 6.5 | 0.32% | 2026-04-08 | 2026-06-17 |
| CVE-2026-2376 | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to. | [email protected] | 4.9 | 0.16% | 2026-03-12 | 2026-06-17 |
| CVE-2025-4374 | A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository. | [email protected] | 6.5 | 0.21% | 2025-05-06 | 2026-06-17 |
| CVE-2024-9683 | A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authenticati | [email protected] | 4.8 | 0.30% | 2024-10-17 | 2026-06-17 |
| CVE-2024-5891 | A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to. | [email protected] | 4.2 | 0.23% | 2024-06-12 | 2026-06-17 |
| CVE-2023-4956 | A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. | [email protected] | 6.5 | 0.48% | 2023-11-07 | 2026-06-17 |
| CVE-2023-44487 KEV | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | [email protected] | 7.5 | 100.00% | 2023-10-10 | 2026-06-17 |
| CVE-2023-4959 | A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). | [email protected] | 6.5 | 0.25% | 2023-09-15 | 2026-06-17 |
| CVE-2023-3384 | A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). | [email protected] | 5.4 | 0.33% | 2023-07-24 | 2026-06-17 |
| CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | [email protected] | 7.5 | 3.21% | 2022-09-09 | 2026-06-17 |
| CVE-2022-2447 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. | [email protected] | 6.6 | 0.58% | 2022-09-01 | 2026-06-17 |
| CVE-2022-1227 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | [email protected] | 8.8 | 3.97% | 2022-04-29 | 2026-06-17 |
| CVE-2021-3762 | A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | [email protected] | 9.8 | 4.51% | 2022-03-03 | 2026-06-17 |
| CVE-2020-27832 | A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | [email protected] | 9.0 | 0.91% | 2021-05-27 | 2026-06-17 |
| CVE-2020-27831 | A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications. | [email protected] | 4.3 | 0.55% | 2021-05-27 | 2026-06-17 |
| CVE-2019-3867 | A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | [email protected] | 4.1 | 0.29% | 2021-03-18 | 2026-06-17 |