Detections
Analytics

CVE-2026-10052

medium

Description

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2483157

https://access.redhat.com/security/cve/CVE-2026-10052

Details

Source: Mitre, NVD

Published: 2026-05-29

Updated: 2026-05-29

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.1

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00023