{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35172", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T17:26:21.133Z", "datePublished": "2026-04-06T19:08:44.512Z", "dateUpdated": "2026-04-07T14:46:34.904Z"}, "containers": {"cna": {"title": "Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc"}], "affected": [{"vendor": "distribution", "product": "distribution", "versions": [{"version": "< 3.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T19:08:44.512Z"}, "descriptions": [{"lang": "en", "value": "Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0."}], "source": {"advisory": "GHSA-f2g3-hh2r-cwgc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:45:08.558570Z", "id": "CVE-2026-35172", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:46:34.904Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation", "source": {"advisory": "GHSA-f2g3-hh2r-cwgc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "distribution", "product": "distribution", "versions": [{"status": "affected", "version": "< 3.1.0"}]}], "references": [{"url": "https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc", "name": "https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T19:08:44.512Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35172", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T14:45:08.558570Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-07T14:46:30.614Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-35172", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:08:44.512Z", "dateReserved": "2026-04-01T17:26:21.133Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T19:08:44.512Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:distribution:distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0361B73-DBB7-4E06-9F20-D9EE6C841671", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0."}], "id": "CVE-2026-35172", "lastModified": "2026-04-27T23:55:02.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T20:16:25.607", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion", "id": "2455571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455571"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-524", "details": ["Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0.", "A flaw was found in Distribution, a toolkit used for managing container content. When specific caching and deletion features are enabled, a remote attacker can exploit a vulnerability that allows previously deleted content to become readable again. This occurs because the system does not fully remove all references to the deleted data, leading to unauthorized information disclosure."], "name": "CVE-2026-35172", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift3/ose-operator-lifecycle-manager", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-operator-framework-tools-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-operator-lifecycle-manager", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-operator-lifecycle-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-operator-registry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "redhat/redhat-operator-index", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-06T19:08:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-35172\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35172\nhttps://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "distribution", "source": "cna", "vendor": "distribution"}, "product": "distribution", "vendor": "distribution"}], "analysis": {"en": {"generated_at": "2026-04-28T21:42:26.905313+00:00", "value": {"mitigation_remediation": ["Upgrade distribution to version 3.1.0 or later.", "Disable the delete operation by setting storage.delete.enabled to false in the registry configuration to prevent accidental resurrections.", "Disable or reconfigure Redis blob descriptor caching by setting storage.cache.blobdescriptor to false or ensuring stale entries are purged promptly."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "All instances of Docker Distribution earlier than version 3.1.0 that are configured with storage.delete.enabled set to true and which use Redis for blob descriptor caching are affected. The vulnerability does not impact installations that do not enable the delete feature or do not use Redis for descriptor caching.", "description_and_impact": "The vulnerability allows a deleted container artifact to become readable again. When a blob is removed in a repository that has both delete operations enabled and a Redis cache for blob descriptors enabled, the shared digest descriptor is cleared but the repository\u2011specific membership information is left in the cache. A later request for the same artifact from the same or another repository triggers the cached descriptor to be repopulated, giving users read access to a blob that was intended to be permanently deleted. This results in unauthorized exposure of data that should have been purged, violating confidentiality and the integrity of the repository.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high impact vulnerability, but the EPSS score of less than 1\u202f% suggests that exploitation in the wild is unlikely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred from the description: an attacker who has authorization to delete blobs must then request the same blob from a different repository or the same one again to trigger the cache repopulation. Therefore, exploit requires authenticated access with delete privileges or a compromised account. Once the scenario occurs, the deleted artifact is temporarily resurrected until the Redis cache is refreshed. This gives the attacker a narrow window of read access to content that was supposed to be removed."}}}}, "created": "2026-04-07T06:54:31.694439+00:00", "updated": "2026-04-28T21:45:26.150721+00:00", "vendors": ["distribution", "distribution$PRODUCT$distribution"]}