Container Image Upload Vulnerability in Red Hat Quay
CVE-2026-32589

7.1 HIGH

What is CVE-2026-32589?

A vulnerability in Red Hat Quay allows authenticated users with push access to interfere with ongoing image uploads from other users. This includes the ability to read, modify, or cancel uploads in progress, even for repositories they do not have explicit access to. This flaw poses a risk to the integrity of container images and could lead to unauthorized alterations or disruptions in the workflow of other users.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.