{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-08T00:00:00Z",
  "bugzilla" : {
    "description" : "mirror-registry: remote code execution using pickle deserialization",
    "id" : "2446964",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-502",
  "details" : [ "A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.", "A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server." ],
  "statement" : "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
  "acknowledgement" : "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Quay 3.16",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19375",
    "cpe" : "cpe:/a:redhat:quay:3.16::el9",
    "package" : "quay/quay-rhel9:1779204086"
  } ],
  "package_state" : [ {
    "product_name" : "mirror registry for Red Hat OpenShift",
    "fix_state" : "Will not fix",
    "package_name" : "openshift/mirror-registry-rhel8",
    "cpe" : "cpe:/a:redhat:mirror_registry:1"
  }, {
    "product_name" : "mirror registry for Red Hat OpenShift 2",
    "fix_state" : "Affected",
    "package_name" : "openshift/mirror-registry-rhel8",
    "cpe" : "cpe:/a:redhat:mirror_registry:2"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-32590\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32590" ],
  "name" : "CVE-2026-32590",
  "csaw" : false
}