CVE-2026-6848 · HIGH 8.1 · EPSS percentile 17.4%

Description

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.26% probability of exploitation · percentile 17.4% · 2026-06-19T12:03:05Z
Published: 2026-04-22
Last modified: 2026-05-20

Underlying weaknesses · 1

CWE-613

References

  1. https://access.redhat.com/security/cve/CVE-2026-6848
  2. https://bugzilla.redhat.com/show_bug.cgi?id=2460119

Type     | Target                                    | Confidence | Tier
Weakness | Insufficient Session Expiration (cwe-613) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2026-32589
  - CVE-2026-9802
  - CVE-2026-32591
  - CVE-2026-9798
  - CVE-2026-4828
  - CVE-2026-4924
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.