Access Restoration Issue in Container Distribution Tool by Docker
CVE-2026-35172
7.5 HIGH
What is CVE-2026-35172?
Prior to version 3.1.0, the Docker container distribution toolkit contained a serious vulnerability in which read access could be inadvertently restored in a repository after an explicit deletion. Under specific configurations, stale membership data can reappear, making previously deleted blobs accessible again. The issue stems from a deletion process that fails to adequately clear shared digests, which undermines data security. The vulnerability was addressed in version 3.1.0.
Affected Version(s)
distribution < 3.1.0
