Security Advisory

CVE-2026-2377

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-08 16:26:07
Last updated 2026-07-01 12:04:54
Assigner redhat
State PUBLISHED

Description

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the applications internal network, potentially leading to the disclosure of sensitive information.