{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Antony Di Scala, Luffy Zhang, and Michael Whale for reporting this issue.", "bugzilla": {"description": "mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface", "id": "2439117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439117"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["No description is available for this CVE."], "name": "CVE-2026-2376", "package_state": [{"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Fix deferred", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:mirror_registry:2", "fix_state": "Fix deferred", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift 2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-03-03T19:28:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2376\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2376"], "threat_severity": "Moderate"}