What is GHSA-7fjh-cgxv-cjc6?

GHSA-7fjh-cgxv-cjc6 is a security advisory published by GitHub Security Advisories with High severity. A flaw was found in Red Hat Quay's container image upload process. An authenticated user with...

Which CVE IDs does GHSA-7fjh-cgxv-cjc6 cover?

GHSA-7fjh-cgxv-cjc6 covers the following CVE IDs: CVE-2026-32589. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7fjh-cgxv-cjc6?

GHSA-7fjh-cgxv-cjc6 has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-7fjh-cgxv-cjc6HighCVSS 7.1

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with...

Vendor

GitHub Security Advisories

Published

April 8, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-32589 →

📋 Description

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-32589
https://access.redhat.com/security/cve/CVE-2026-32589
https://bugzilla.redhat.com/show_bug.cgi?id=2446963
https://access.redhat.com/errata/RHSA-2026:19375
https://github.com/advisories/GHSA-7fjh-cgxv-cjc6