PatchSiren cyber security CVE debrief
CVE-2026-10517 Red Hat CVE debrief
A Server-Side Request Forgery (SSRF) vulnerability exists in Clair's fetcher component. The flaw allows unauthenticated attackers to induce outbound HTTP requests to attacker-supplied URIs derived from manifest layer descriptors, with no filtering of the destination IP address or URI scheme. When Pre-Shared Key (PSK) authentication is not configured, which is the default state because PSK is opt-in and not enforced, an attacker can submit a crafted manifest whose layer URI targets internal services or cloud metadata endpoints. For non-200 responses the SSRF is partially reflective: up to 256 bytes of the error response body are echoed back through CheckResponse error messages. Operator-managed Red Hat Quay deployments are not affected because they configure PSK automatically, which closes the unauthenticated attack vector. The vulnerability is classified as CWE-918 (Server-Side Request Forgery) and carries a CVSS 3.1 score of 5.8 (MEDIUM severity).
- Vendor: Red Hat
- Product: Red Hat Quay 3
- CVSS: MEDIUM 5.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
Organizations running Clair for container image vulnerability scanning, particularly self-managed deployments without PSK authentication enabled. Cloud-hosted and Kubernetes-based deployments where Clair has network access to internal services or cloud metadata endpoints are at elevated risk. Red Hat Quay operator-managed deployments are not affected but should verify configuration.
Technical summary
The vulnerability resides in Clair's fetcher component, which processes manifest layer descriptors to retrieve remote content. The component fails to validate or filter the URI scheme and destination IP address before initiating outbound HTTP requests. An unauthenticated attacker can supply a malicious manifest containing a layer descriptor URI pointing to internal infrastructure, including cloud metadata services (e.g., 169.254.169.254). The fetcher's CheckResponse error handling reflects up to 256 bytes of non-200 response body content back to the attacker, creating a limited information disclosure channel. The attack requires PSK authentication to be absent or disabled; this is the default state since PSK is opt-in. Operator-managed Red Hat Quay environments mitigate this by automatically enabling PSK.
Defensive priority
medium
Recommended defensive actions
- Enable and configure Pre-Shared Key (PSK) authentication for Clair deployments to eliminate the unauthenticated attack vector
- Implement egress filtering and network segmentation to restrict Clair fetcher outbound connectivity to trusted registries and required endpoints only
- Deploy IP and URI scheme validation on manifest layer descriptors before fetcher processing to block internal addresses, link-local ranges, and non-HTTP(S) schemes
- Monitor for anomalous manifest submissions and unexpected outbound HTTP requests from Clair components as potential exploitation indicators
- Review cloud metadata endpoint exposure (e.g., 169.254.169.254, instance metadata services) and apply metadata access controls at the infrastructure layer
- Upgrade to a patched Clair version when available from the vendor
- For Red Hat Quay deployments, verify operator-managed configuration to confirm PSK is active
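As an added example (not Clair's own code and not Red Hat's fix), the following Go check is the kind of pre-fetch validation the third action above describes: it accepts only http/https layer URIs, resolves the host through an injected resolver, and rejects any address that is loopback, link-local (including 169.254.169.254), private, unspecified or multicast. `ValidateLayerURI`, `IsDisallowedIP` and `LookupFunc` are hypothetical names; the example assumes the caller then dials only the addresses this check returned.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// LookupFunc resolves a hostname. It is injected so the check can run offline
// and so the caller can dial exactly the addresses that were validated here,
// rather than resolving a second time at fetch time.
type LookupFunc func(host string) ([]net.IP, error)

// IsDisallowedIP reports whether an address must never be a fetch target:
// loopback, link-local (where 169.254.169.254 lives), RFC 1918 / IPv6 ULA
// private space, unspecified and multicast. The net.IP helpers unwrap
// IPv4-mapped IPv6, so ::ffff:169.254.169.254 is rejected as well.
func IsDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateLayerURI returns the resolved addresses that are safe to dial, or an
// error if the scheme, host, or any resolved address is disallowed.
func ValidateLayerURI(raw string, lookup LookupFunc) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparseable layer URI: %w", err)
	}
	// url.Parse lower-cases the scheme, so a plain comparison is enough.
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" || u.User != nil {
		return nil, fmt.Errorf("layer URI must name a host and carry no userinfo")
	}
	ips, err := lookup(host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q: %v", host, err)
	}
	for _, ip := range ips {
		if IsDisallowedIP(ip) {
			return nil, fmt.Errorf("%q resolves to disallowed address %s", host, ip)
		}
	}
	return ips, nil
}
```

Validating the resolved addresses rather than the hostname string, and dialing only those addresses, is what keeps a DNS answer that changes between check and fetch from bypassing the filter.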
Evidence notes
The CVE description states that the fetcher component makes outbound HTTP requests to attacker-supplied URIs without IP or scheme filtering. PSK authentication is described as opt-in and not enforced by default, enabling an unauthenticated attack. Operator-managed Red Hat Quay deployments are explicitly noted as auto-configuring PSK and not exposed. The CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N yields a score of 5.8. CWE-918 was assigned by [email protected].
Official resources
- CVE-2026-10517 CVE record (CVE.org)
- CVE-2026-10517 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-06-01