Vulnerabilities ›

CVE-2026-32590

High

CWE-502 — Weakness Type

                    Published: Apr 8, 2026                      ·  Modified: Apr 15, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

🤖 AI Executive Summary

CVE-2026-32590 is a critical vulnerability in Red Hat Quay's resumable container image layer upload functionality that allows arbitrary code execution through database tampering. Attackers can manipulate intermediate upload data to execute malicious code on the Quay server.

📄 Description (Arabic)

ثغرة في معالجة Red Hat Quay لعمليات رفع طبقات الصور الحاوية القابلة للاستئناف تسمح بتنفيذ كود عشوائي. يمكن للمهاجمين التلاعب بالبيانات الوسيطة المخزنة في قاعدة البيانات لتنفيذ أوامر ضارة على خادم Quay.

🤖 ملخص تنفيذي (AI)

A vulnerability in Red Hat Quay's container image upload process allows attackers to execute arbitrary code by tampering with database-stored intermediate data. This affects organizations using Quay for container image management and distribution.

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 22:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1190

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Red Hat Quay to the latest patched version. Implement strict database access controls and monitor for suspicious upload activities. Validate and sanitize all resumable upload data before processing. Restrict container registry access to authorized users only.

🔧 خطوات المعالجة (العربية)

قم بتحديث Red Hat Quay فوراً إلى أحدث إصدار معدل. طبق ضوابط صارمة على الوصول إلى قاعدة البيانات ومراقبة الأنشطة المريبة. تحقق من صحة جميع بيانات الرفع القابلة للاستئناف قبل معالجتها. قيد الوصول إلى سجل الحاويات للمستخدمين المصرح لهم فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.1.1 A.2.1 A.3.1 A.4.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.DS-2 DE.CM-1

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.9.1.1 A.12.2.1

🔗 References & Sources 2

🔗

https://access.redhat.com/security/cve/CVE-2026-32590

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2446964

secalert@redhat.com

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-502

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-08

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-502

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-32590

💬 Comments

Introduce Yourself

Sign In Required