
CVE-2026-32591

Severity: Medium
Weakness Type: CWE-918 (Server-Side Request Forgery)
Published: Apr 8, 2026  ·  Modified: Apr 11, 2026  ·  Source: NVD
CVSS v3: 5.2
🔗 NVD Official
📄 Description (English)

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.

🤖 AI Executive Summary

CVE-2026-32591 is a Server-Side Request Forgery (SSRF) vulnerability in Red Hat Quay's Proxy Cache configuration: an organization administrator can supply an upstream registry hostname that makes the Quay server itself send requests to internal services it should never reach. With a CVSS score of 5.2, this medium-severity flaw lets an attacker who already holds admin privileges reach internal resources, cloud metadata endpoints, or other sensitive infrastructure. No patch is currently available, so Saudi organizations running Quay need compensating controls now.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:55
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in the technology and cloud infrastructure sectors that deploy Red Hat Quay for container registry management, including: (1) Government entities (NCA, CITC) using Quay for application deployment; (2) Banking and financial institutions (SAMA-regulated banks) leveraging containerized services; (3) Telecommunications providers (STC, Mobily) managing container infrastructure; (4) Energy sector organizations (ARAMCO, downstream companies) using Quay for DevOps pipelines. The SSRF vulnerability could expose internal network topology, cloud credentials, and sensitive infrastructure endpoints to privileged insiders.
🏢 Affected Saudi Sectors
Government (NCA, CITC); Banking and Financial Services (SAMA-regulated); Telecommunications (STC, Mobily); Energy (ARAMCO, downstream); Technology and Cloud Services; Healthcare (MNGHA-regulated)
⚖️ Saudi Risk Score (AI)
6.8 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all Quay organization administrators and review Proxy Cache configurations for suspicious upstream registry hostnames
2. Implement network segmentation to restrict Quay server outbound connections to only legitimate external registries
3. Deploy Web Application Firewall (WAF) rules to block requests to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and cloud metadata endpoints (169.254.169.254)
4. Enable comprehensive logging of all Proxy Cache configuration changes and network connections

Compensating Controls:
5. Restrict organization administrator role to trusted personnel only; implement MFA for admin accounts
6. Use network policies/security groups to prevent Quay from accessing internal services and cloud metadata endpoints
7. Monitor outbound connections from Quay servers for anomalous destinations
8. Implement DNS filtering to prevent resolution of internal hostnames from Quay containers

Detection Rules:
9. Alert on Proxy Cache configuration changes by non-standard administrators
10. Monitor for HTTP requests from Quay to private IP ranges or 169.254.x.x addresses
11. Track failed connection attempts to internal services from Quay processes
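Steps 3, 6 and 10 above reduce to one check, whether a destination address is internal, applied at two points: validating the upstream registry hostname before the Proxy Cache configuration is saved, and flagging outbound connections in logs. The Python below is an added example written for this page, not Red Hat Quay's own code; it assumes the upstream value is a bare hostname or IP literal, that the resolver can be injected (the resolver answers and log lines used here are constructed), and that outbound logs carry a `dst=IP:port` field.

```python
# Added example, not Red Hat Quay's own code. Assumes the upstream value is a bare
# hostname or IP literal and that outbound logs carry a `dst=IP:port` field.
import ipaddress
import socket
from typing import Callable, Iterable, List

# Ranges a registry proxy should never fetch from: RFC 1918, loopback, link-local
# (covers the 169.254.169.254 cloud metadata endpoint) and the IPv6 equivalents.
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def is_disallowed_destination(ip: str) -> bool:
    """True when the literal address lies in a denied range (ValueError if not an IP)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 must still hit the IPv4 ranges
    return any(addr in net for net in DENIED_NETWORKS)

def default_resolver(hostname: str) -> List[str]:
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def validate_upstream_registry(hostname: str,
                               resolver: Callable[[str], List[str]] = default_resolver) -> bool:
    """True only when every address the name resolves to is an external destination."""
    host = hostname.strip().lower().rstrip(".")
    if not host or host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal address, no DNS involved
    except ValueError:
        addrs = resolver(host)  # check every record, not just the first answer
    return bool(addrs) and not any(is_disallowed_destination(a) for a in addrs)

# Constructed sample of outbound-connection log lines for the detection rule.
SAMPLE_LOG = [
    "ts=2026-04-09T10:00:01Z proc=quay dst=203.0.113.10:443 host=quay.io",
    "ts=2026-04-09T10:00:02Z proc=quay dst=169.254.169.254:80 host=metadata",
    "ts=2026-04-09T10:00:03Z proc=quay dst=10.20.30.40:5000 host=registry.corp"]

def flag_outbound_log_lines(lines: Iterable[str]) -> List[str]:
    """Detection helper: return the lines whose dst address is internal or link-local."""
    flagged = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        ip = fields.get("dst", "").rsplit(":", 1)[0]
        if ip and is_disallowed_destination(ip):
            flagged.append(line)
    return flagged
```

A name that passes validation at save time can still be pointed at an internal address later (DNS rebinding), which is why the network-level egress restriction in step 6 remains necessary and the log check catches what the configuration check cannot.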
🔧 Remediation Steps (Arabic version, translated)
Immediate Actions:
1. Audit all Quay organization administrators and review Proxy Cache configurations for suspicious hostnames
2. Implement network segmentation to restrict Quay's outbound connections to legitimate external registries only
3. Deploy firewall (WAF) rules to block requests to private IP ranges and cloud metadata endpoints
4. Enable comprehensive logging of all Proxy Cache configuration changes and network connections

Compensating Controls:
5. Restrict the organization administrator role to trusted staff only; implement multi-factor authentication
6. Use network policies to prevent Quay from accessing internal services
7. Monitor outbound connections from Quay servers for anomalous destinations
8. Implement DNS filtering to prevent resolution of internal hostnames

Detection Rules:
9. Alert on Proxy Cache configuration changes
10. Monitor HTTP requests from Quay to private IP ranges
11. Track failed connection attempts from Quay processes
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.8.3 - Network Security and Segmentation
ECC 2024 A.9.1 - Access Control and Authentication
ECC 2024 A.12.4 - Logging and Monitoring
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Physical and Cyber Assets
SAMA CSF PR.AC-1 - Access Control
SAMA CSF PR.AC-3 - Access Enforcement
SAMA CSF DE.CM-1 - Network Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.8.22 - Monitoring
ISO 27001:2022 A.8.23 - Web Filtering
🟣 PCI DSS v4.0.1
PCI DSS 1.3 - Network Segmentation
PCI DSS 6.2 - Security Patches
PCI DSS 7.1 - Access Control
PCI DSS 10.3 - Logging and Monitoring
📊 CVSS Score
5.2 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: H — High
User Interaction: R — Required
Scope: U — Unchanged
Confidentiality: H — High
Integrity: L — Low
Availability: N — None
📋 Quick Facts
Severity: Medium
CVSS Score: 5.2
CWE: CWE-918
EPSS: 0.03%
Exploit: No
Patch: No
Published: 2026-04-08
Source Feed: nvd
🇸🇦 Saudi Risk Score
6.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-918