CVE-2026-10052

Description

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.

References

• https://access.redhat.com/security/cve/CVE-2026-10052
• https://bugzilla.redhat.com/show_bug.cgi?id=2483157