CVE-2026-32590
HIGH WAF: Medium
CVSS 8.8
Published: 2026-04-08
CWE-502
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| redhat | mirror_registry_for_red_hat_openshift | - |
| redhat | mirror_registry_for_red_hat_openshift | 2.0 |
| redhat | quay | 3.0.0 |
References
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com
- access.redhat.com (Vendor Advisory)
- bugzilla.redhat.com (Issue Tracking, Vendor Advisory)