CVE-2026-2376EPSS p5.1%

CVE-2026-2376CVE-2026-2376

redhat / quay

Description

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

Scoring

CVSS 4.9 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS0.16% probability of exploitation · percentile 5.1% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-2377
CVE
CVE-2026-5936
CVE
CVE-2026-28301
CVE
CVE-2025-52692
CVE
CVE-2026-9646
CVE
CVE-2026-23899
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.