{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2377", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-11T20:57:59.704Z", "datePublished": "2026-04-08T16:26:07.649Z", "dateUpdated": "2026-04-09T13:49:27.203Z"}, "containers": {"cna": {"title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."}], "affected": [{"vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift/mirror-registry-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:mirror_registry:1"]}, {"vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift/mirror-registry-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:mirror_registry:2"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-2377", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201", "name": "RHBZ#2439201", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-08T16:18:10.324Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)", "timeline": [{"lang": "en", "time": "2026-02-11T21:02:44.495Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T16:18:10.324Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-09T13:49:27.203Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T18:42:52.638708Z", "id": "CVE-2026-2377", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:43:00.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T18:42:52.638708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:42:56.263Z"}}], "cna": {"title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality", "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:mirror_registry:1"], "vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "packageName": "openshift/mirror-registry-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:mirror_registry:2"], "vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift 2", "packageName": "openshift/mirror-registry-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "packageName": "quay/quay-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "packageName": "quay/quay-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-02-11T21:02:44.495Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T16:18:10.324Z", "value": "Made public."}], "datePublic": "2026-04-08T16:18:10.324Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-2377", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201", "name": "RHBZ#2439201", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-09T13:49:27.203Z"}, "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"}}, "cveMetadata": {"cveId": "CVE-2026-2377", "state": "PUBLISHED", "dateUpdated": "2026-04-09T13:49:27.203Z", "dateReserved": "2026-02-11T20:57:59.704Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-08T16:26:07.649Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "63757310-FC5B-44E6-9211-36269827BC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "281E6AA4-1E08-488F-BA7A-F0BE7CF42A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."}], "id": "CVE-2026-2377", "lastModified": "2026-04-21T17:59:53.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-08T17:21:16.237", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-2377"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality", "id": "2439201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."], "name": "CVE-2026-2377", "package_state": [{"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:mirror_registry:2", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift 2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-04-08T16:18:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2377\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2377"], "statement": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "mirror registry for Red Hat OpenShift", "source": "cna", "vendor": "Red Hat"}, "product": "mirror_registry", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Quay 3", "source": "cna", "vendor": "Red Hat"}, "product": "quay", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-08T18:53:45.040275+00:00", "value": {"mitigation_remediation": ["Apply Red\u202fHat patch for mirror\u2011registry and Quay\u202f3 updates as distributed by the vendor", "Restrict log export functionality to the minimum set of privileged users", "Use network segmentation and firewall rules to block unauthorized internal requests from the mirror\u2011registry service"], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery enabling internal network access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Red\u202fHat OpenShift mirror\u2011registry components and Quay\u202f3. The specific affected packages include mirror\u2011registry version\u202f1, mirror\u2011registry version\u202f2, and Quay\u202f3, as indicated by their Common Platform Enumeration strings.", "description_and_impact": "A flaw in Red\u202fHat mirror\u2011registry allows authenticated users to supply an arbitrary web address when exporting logs, causing the backend to perform server\u2011side requests. This Server\u2011Side Request Forgery can reach internal network resources, exposing sensitive data or permitting further attacks. The weakness is categorized as CWE\u2011918.", "risk_and_exploitability": "The nominal CVSS score of 6.5 reflects a moderate severity, and the absence of an EPSS score makes the precise exploitation likelihood uncertain. The vulnerability is not listed in CISA\u2019s KEV catalog, indicating no confirmed public exploits yet. Because the exploit requires an authenticated user with permission to export logs, an attacker must first gain legitimate access; from there they can trick the system into accessing internal resources. The risk is significant for environments where internal services are not properly segmented or monitored."}}}}, "created": "2026-04-08T19:39:06.861077+00:00", "updated": "2026-04-09T08:18:44.034767+00:00", "vendors": ["redhat", "redhat$PRODUCT$mirror_registry", "redhat$PRODUCT$quay"]}