{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/quay/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-32589"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["quay","image upload","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32589 identifies a flaw within the container image upload process of Red Hat Quay. An authenticated user, possessing push access to at least one repository within the Quay registry, can exploit this vulnerability to disrupt image uploads initiated by other users. The scope of this interference extends to uploads occurring in repositories where the attacker lacks explicit access privileges. This vulnerability allows a malicious actor to potentially read, modify, or even cancel another user\u0026rsquo;s active image upload. This issue poses a significant risk to the integrity and confidentiality of container images stored within the registry, especially in multi-tenant environments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Red Hat Quay registry with valid credentials and push access to at least one repository.\u003c/li\u003e\n\u003cli\u003eAttacker identifies an ongoing image upload by another user to a different repository.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request that exploits the vulnerability in the image upload process. 
This request targets the upload session of the victim user.\u003c/li\u003e\n\u003cli\u003eThe malicious request interferes with the victim\u0026rsquo;s upload session, potentially by manipulating metadata or data chunks.\u003c/li\u003e\n\u003cli\u003eIf successful, the attacker gains the ability to read parts of the image being uploaded.\u003c/li\u003e\n\u003cli\u003eThe attacker can also modify the uploaded image, injecting malicious code or altering existing data.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker can cancel the image upload, preventing the victim user from completing the process.\u003c/li\u003e\n\u003cli\u003eThe compromised or incomplete image is then used by other users, leading to potential supply chain attacks or service disruptions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32589 allows an attacker to compromise the integrity and confidentiality of container images stored within Red Hat Quay. This could lead to supply chain attacks, where malicious code is injected into container images and subsequently deployed across various systems. The impact includes potential data breaches, service disruptions, and unauthorized access to sensitive information. 
In multi-tenant environments, this vulnerability enables cross-tenant access, allowing attackers to compromise container images belonging to other organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to the latest version of Red Hat Quay as recommended by Red Hat to address CVE-2026-32589 (\u003ca href=\"https://access.redhat.com/security/cve/CVE-2026-32589\"\u003ehttps://access.redhat.com/security/cve/CVE-2026-32589\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies for Red Hat Quay repositories to minimize the potential impact of compromised accounts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to monitor for suspicious activity related to image uploads and modifications on the Quay registry.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T18:25:59Z","date_published":"2026-04-08T18:25:59Z","id":"/briefs/2026-04-quay-upload-vuln/","summary":"CVE-2026-32589 describes a vulnerability in Red Hat Quay's container image upload process where an authenticated user can interfere with other users' uploads, potentially leading to unauthorized access and modification.","title":"Red Hat Quay Image Upload Interference Vulnerability (CVE-2026-32589)","url":"https://feed.craftedsignal.io/briefs/2026-04-quay-upload-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Quay","version":"https://jsonfeed.org/version/1.1"}