CVE-2026-10517
ADVISORY - githubSummary
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector.
EPSS Score: 0.00292 (0.210)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Server-Side Request Forgery (SSRF)
ADVISORY - github
Server-Side Request Forgery (SSRF)
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-10517
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.8mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-698x-9w2p-7vvp
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)