Vulnerability Details CVE-2026-2377
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-2377
-
cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-
-
cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0
-
cpe:2.3:a:redhat:quay:3.0.0