Authentication Bypass Vulnerability in Red Hat Quay by Red Hat
CVE-2026-6848
5.4 MEDIUM
What is CVE-2026-6848?
A flaw in Red Hat Quay allows a user to bypass the password re-verification that is required before sensitive operations such as token generation and robot account creation. The problem occurs when the session has timed out: an attacker with access to an idle authenticated session can perform these privileged actions without a valid credential check. Although the user interface reports an invalid-credential error, the requested operation is still carried out, so the re-verification step does not actually protect the operation and unauthorized actions are executed.
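The failure mode described above is a re-verification gate that fails open: the expired-session path produces an error message but does not stop the privileged action. The following is an added illustration of that bug class and of a fail-closed gate, written for this page; it is not Red Hat Quay's code, and the `Session` model, the robot-account operation, the credential check, the timeout values and the sample credentials are all constructed assumptions.

```python
"""Fail-open vs fail-closed password re-verification before a sensitive action.

Hypothetical model of the bug class (not Red Hat Quay's implementation):
a privileged operation (here, creating a robot account) is supposed to require
a fresh password check, but the expired-session branch only records an error
and then falls through to the operation.  All values below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

SESSION_TTL_S = 3600  # assumed idle-session lifetime in seconds


@dataclass
class Session:
    user: str
    last_activity_at: float                       # epoch seconds of last request
    last_reverified_at: Optional[float] = None    # epoch seconds of last password check
    robot_accounts: List[str] = field(default_factory=list)


def session_expired(s: Session, now: float) -> bool:
    """True when the session has been idle longer than SESSION_TTL_S."""
    return now - s.last_activity_at > SESSION_TTL_S


def check_password(user: str, password: str) -> bool:
    """Stand-in for the real credential check; constructed test credential."""
    return (user, password) == ("alice", "correct-horse")


def create_robot_vulnerable(s: Session, now: float, password: str, name: str) -> dict:
    """Fail-open gate.  On an expired session it queues an 'invalid credentials'
    error (what the UI shows) but never returns, so the privileged action runs
    without any password having been verified."""
    errors = []
    if session_expired(s, now):
        errors.append("invalid credentials")
    elif not check_password(s.user, password):
        errors.append("invalid credentials")
        return {"ok": False, "errors": errors}
    # BUG: reachable on the expired-session branch with no credential check.
    s.robot_accounts.append(name)
    return {"ok": True, "errors": errors}


def create_robot_fixed(s: Session, now: float, password: str, name: str) -> dict:
    """Fail-closed gate.  Every path except a fresh, successful password check
    returns before the privileged state is touched, and the error reported to
    the user matches what actually happened."""
    if session_expired(s, now):
        return {"ok": False, "errors": ["session expired"]}
    if not check_password(s.user, password):
        return {"ok": False, "errors": ["invalid credentials"]}
    s.last_reverified_at = now
    s.last_activity_at = now
    s.robot_accounts.append(name)
    return {"ok": True, "errors": []}


def demo() -> dict:
    """Run both gates against an idle session with a wrong password and return
    whether each one created the robot account (constructed scenario)."""
    idle_now = 10_000.0  # far past SESSION_TTL_S since last activity at t=0
    vulnerable = Session("alice", last_activity_at=0.0)
    fixed = Session("alice", last_activity_at=0.0)
    v = create_robot_vulnerable(vulnerable, idle_now, "wrong-password", "ci-bot")
    f = create_robot_fixed(fixed, idle_now, "wrong-password", "ci-bot")
    return {
        "vulnerable_created": "ci-bot" in vulnerable.robot_accounts,  # True: bug
        "vulnerable_ui_error": v["errors"],                           # yet an error is shown
        "fixed_created": "ci-bot" in fixed.robot_accounts,            # False
        "fixed_ui_error": f["errors"],
    }


if __name__ == "__main__":
    print(demo())
```

The point to check in a review of any such gate is the shape of the control flow, not the error message: the privileged call must sit only after an explicit successful re-verification, and each rejection path must return immediately. A gate whose error reporting and operation are decoupled will look correct in the UI while still performing the action.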
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Davide Scrimieri (Red Hat).