CVE-2026-10052— Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints
Affected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Quay 3 | any | affected |
any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10052
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Quay 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Quay是美国红帽(Red Hat)公司的一个容器镜像仓库平台。 Red Hat Quay存在代码问题漏洞,该漏洞源于config-tool的LDAP和SMTP验证函数未过滤IP或主机,可能导致配置编辑器访问者进行内部网络侦察。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Quay 3 | - | cpe:/a:redhat:quay:3 | |
| Red Hat | Red Hat Quay 3 | - | cpe:/a:redhat:quay:3 |
II. Public POCs for CVE-2026-10052
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10052
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-10052 (2)
Same Patch Batch · Red Hat · 2026-05-29 · 6 CVEs total
| CVE-2026-42965 | 7.7 HIGH | Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypas |
| CVE-2026-46579 | 7.4 HIGH | Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl- |
| CVE-2026-10101 | 6.3 MEDIUM | Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents |
| CVE-2026-6324 | 4.8 MEDIUM | Libsoup: libsoup: http request smuggling via unsigned to signed conversion error |
| CVE-2026-10078 | 2.7 LOW | Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring |
IV. Related Vulnerabilities
Same product: Red Hat Quay 3
- CVE-2026-11569
Quay: quay: stored xss via filedrop svg upload - CVE-2026-10517
Clair: clair: unauthenticated ssrf via manifest layer uri en - CVE-2026-10078
Quay/config-tool: quay/config-tool: gitlab oauth client_secr - CVE-2026-6848
Quay: red hat quay: authentication bypass allows privileged - CVE-2024-5891
Quay: unauthorized user may authenticate via oauth applicati
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa
Same weakness: CWE-918
- CVE-2026-49345
Mercator CVE Configuration Vulnerable to Server-Side Request - CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-49359
PhpWeasyPrint vulnerable to SSRF and local file disclosure v - CVE-2026-11989
Bit integrations <= 2.8.7 - Unauthenticated Server-Side Requ - CVE-2026-4328
Advanced Import: One-Click Demo Import for WordPress <= 1.4.
V. Comments for CVE-2026-10052
No comments yet