PatchSiren

distribution CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH distribution CVE published 2026-04-06

CVE-2026-35172

CVE-2026-35172 is a high-severity vulnerability in the Distribution toolkit, which enables restored read access to deleted container content under specific configurations. The vulnerability arises when both storage.cache.blobdescriptor: redis and storage.delete.enabled: true are enabled, allowing an attacker to access deleted blobs from a different repository. This issue was fixed in version 3.1.0 of the [truncated]