Authentication Flaw in Docker Registry for BBot by Black Lantern Security
CVE-2026-12566
3.1 LOW
What is CVE-2026-12566?
The docker_pull module in BBot uses the realm parameter from the Docker registry's WWW-Authenticate response header as the authentication endpoint without validating it. This flaw exposes the system to potential man-in-the-middle attacks, allowing an adversary to manipulate the authentication request and redirect it to an unauthorized server. As a result, sensitive authentication tokens could be compromised, posing significant risks to user security and data integrity.
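A sketch of the missing check, as an added example (not BBOT's code or its actual fix): parse the WWW-Authenticate Bearer challenge and accept the realm only if it is HTTPS and on a per-registry allowlist. The function names, the TRUSTED_REALMS policy and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed policy (not from BBOT): token-service hosts each registry may delegate to.
TRUSTED_REALMS = {"registry-1.docker.io": {"auth.docker.io"}}

# Constructed sample challenges, as a client would read them from WWW-Authenticate.
GOOD = 'Bearer realm="https://auth.docker.io/token",service="registry.docker.io"'
OFF_LIST = 'Bearer realm="https://tokens.example.net/token",service="registry.docker.io"'
PLAINTEXT = 'Bearer realm="http://auth.docker.io/token",service="registry.docker.io"'

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header):
    """Split a `Bearer k="v",...` challenge into a dict; None if not Bearer."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return {k.lower(): v for k, v in _PARAM.findall(rest)}


def checked_realm(header, registry_host, trusted=TRUSTED_REALMS):
    """Return the realm URL only if a token request may be sent to it."""
    params = parse_bearer_challenge(header)
    if not params or "realm" not in params:
        raise ValueError("no Bearer realm in challenge")
    url = urlsplit(params["realm"])
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        raise ValueError(f"realm is not https: {params['realm']!r}")
    if url.username or url.password:
        raise ValueError("realm carries userinfo")
    registry = registry_host.lower()
    # The registry itself is always acceptable; other hosts must be allowlisted.
    if host not in {registry} | trusted.get(registry, set()):
        raise ValueError(f"realm host {host!r} not trusted for {registry!r}")
    return params["realm"]


def is_rejected(header, registry_host):
    """True when the challenge fails validation and no token request is made."""
    try:
        checked_realm(header, registry_host)
        return False
    except ValueError:
        return True
```

A client would call checked_realm() on the 401 response before attaching any credentials to the token request, and treat a ValueError as a failed pull.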
Affected Version(s)
BBOT 2.0.0
