Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-2377

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 32.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-2377


Contact Us

Shodan ® - All rights reserved