Published April 8, 2026 · Updated April 9, 2026
CVE-2026-32589 is a high-severity vulnerability in Red Hat Quay that allows an authenticated user with push access to interfere with ongoing image uploads by other users, including those outside their own repositories. An attacker could potentially read, modify, or cancel uploads, compromising the integrity of container images. Security teams should apply the latest patches from Red Hat for Quay to mitigate this risk and ensure that access controls are strictly enforced.
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
CVE-2026-32589 affects Red Hat Quay, allowing authenticated users with push access to interfere with other users' image uploads, with risks of unauthorized reads, modifications, or cancellations.