CVE-2026-32591

Description

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.

References

• https://access.redhat.com/security/cve/CVE-2026-32591
• https://bugzilla.redhat.com/show_bug.cgi?id=2446965