CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. This vulnerability is fixed in 3.1.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.8%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2026-41888

Distribution » Distribution » Version: 2.0.0

cpe:2.3:a:distribution:distribution:2.0.0
Distribution » Distribution » Version: 2.0.1

cpe:2.3:a:distribution:distribution:2.0.1
Distribution » Distribution » Version: 2.1.0

cpe:2.3:a:distribution:distribution:2.1.0
Distribution » Distribution » Version: 2.1.1

cpe:2.3:a:distribution:distribution:2.1.1
Distribution » Distribution » Version: 2.2.0

cpe:2.3:a:distribution:distribution:2.2.0
Distribution » Distribution » Version: 2.2.1

cpe:2.3:a:distribution:distribution:2.2.1
Distribution » Distribution » Version: 2.3.0

cpe:2.3:a:distribution:distribution:2.3.0
Distribution » Distribution » Version: 2.3.1

cpe:2.3:a:distribution:distribution:2.3.1
Distribution » Distribution » Version: 2.4.0

cpe:2.3:a:distribution:distribution:2.4.0
Distribution » Distribution » Version: 2.4.1

cpe:2.3:a:distribution:distribution:2.4.1
Distribution » Distribution » Version: 2.5.0

cpe:2.3:a:distribution:distribution:2.5.0
Distribution » Distribution » Version: 2.5.1

cpe:2.3:a:distribution:distribution:2.5.1
Distribution » Distribution » Version: 2.5.2

cpe:2.3:a:distribution:distribution:2.5.2
Distribution » Distribution » Version: 2.6.0

cpe:2.3:a:distribution:distribution:2.6.0
Distribution » Distribution » Version: 2.6.1

cpe:2.3:a:distribution:distribution:2.6.1
Distribution » Distribution » Version: 2.6.2

cpe:2.3:a:distribution:distribution:2.6.2
Distribution » Distribution » Version: 2.7.0

cpe:2.3:a:distribution:distribution:2.7.0
Distribution » Distribution » Version: 2.7.1

cpe:2.3:a:distribution:distribution:2.7.1
Distribution » Distribution » Version: 2.8.0

cpe:2.3:a:distribution:distribution:2.8.0
Distribution » Distribution » Version: 2.8.1

cpe:2.3:a:distribution:distribution:2.8.1
Distribution » Distribution » Version: 2.8.2

cpe:2.3:a:distribution:distribution:2.8.2
Distribution » Distribution » Version: 2.8.3

cpe:2.3:a:distribution:distribution:2.8.3
Distribution » Distribution » Version: 3.0.0

cpe:2.3:a:distribution:distribution:3.0.0
Distribution » Distribution » Version: 3.1.0

cpe:2.3:a:distribution:distribution:3.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41888

Products

Pricing

Contact Us