CVE-2026-10078— Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring
Possible ATT&CK Techniques 2AI
T1530 · Data from Cloud Storage T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Quay 3 | any | affected |
any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10078
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in various system logs, such as server access logs, reverse proxy logs, and other monitoring systems. An attacker with access to these logs could potentially obtain these credentials, leading to unauthorized information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Quay 3 | - | cpe:/a:redhat:quay:3 | |
| Red Hat | Red Hat Quay 3 | - | cpe:/a:redhat:quay:3 |
II. Public POCs for CVE-2026-10078
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10078
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-10078 (1)
Other References for CVE-2026-10078 (1)
Same Patch Batch · Red Hat · 2026-05-29 · 6 CVEs total
| CVE-2026-42965 | 7.7 HIGH | Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypas |
| CVE-2026-46579 | 7.4 HIGH | Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl- |
| CVE-2026-10101 | 6.3 MEDIUM | Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents |
| CVE-2026-6324 | 4.8 MEDIUM | Libsoup: libsoup: http request smuggling via unsigned to signed conversion error |
| CVE-2026-10052 | 4.1 MEDIUM | Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation en |
IV. Related Vulnerabilities
Same product: Red Hat Quay 3
- CVE-2026-10052
Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap - CVE-2026-6848
Quay: red hat quay: authentication bypass allows privileged - CVE-2024-5891
Quay: unauthorized user may authenticate via oauth applicati - CVE-2023-4956
Quay: clickjacking on config-editor page severity - CVE-2023-4959
Quay: cross-site request forgery (csrf) on config-editor pag
Same vendor: Red Hat
- CVE-2026-10101
Assisted-service: assisted-service: infraenv status leaks re - CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via - CVE-2026-46579
Openshift/router: openshift/router: mtls client certificate - CVE-2026-10052
Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap - CVE-2026-6324
Libsoup: libsoup: http request smuggling via unsigned to sig
Same weakness: CWE-598
- CVE-2026-44883
Portainer: JWT accepted in URL query leaks tokens to logs an - CVE-2026-2237
Synology DSM 安全漏洞 - CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive info - CVE-2026-43875
WWBN AVideo: Password Hash Leaked in MobileManager OAuth Red - CVE-2026-34020
Apache OpenMeetings: Login Credentials Passed via GET Query
V. Comments for CVE-2026-10078
No comments yet