CVE-2026-10052NVD

Vulnerability Summary

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.

Severity Level

MEDIUM(4.1)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-918: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeChanged

ConfidentialityLow

IntegrityNone

AvailabilityNone

External References

https://access.redhat.com/security/cve/CVE-2026-10052
https://bugzilla.redhat.com/show_bug.cgi?id=2483157