Sign In

CVE-2026-21726

ADVISORY - github

Summary

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}

Thanks to Prasanth Sundararajan for reporting this vulnerability.

EPSS Score: 0.00015 (0.033)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - github

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in