{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6848", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-22T08:54:17.842Z", "datePublished": "2026-04-22T09:06:19.958Z", "dateUpdated": "2026-04-22T12:55:24.902Z"}, "containers": {"cna": {"title": "Quay: red hat quay: authentication bypass allows privileged actions without valid credentials", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6848", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460119", "name": "RHBZ#2460119", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-10T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-613: Insufficient Session Expiration", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-04-10T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-10T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Davide Scrimieri (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-22T09:06:19.958Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T12:55:17.431562Z", "id": "CVE-2026-6848", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:55:24.902Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6848", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T12:55:17.431562Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:55:21.648Z"}}], "cna": {"title": "Quay: red hat quay: authentication bypass allows privileged actions without valid credentials", "credits": [{"lang": "en", "value": "This issue was discovered by Davide Scrimieri (Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "packageName": "quay/quay-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "packageName": "quay/quay-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-04-10T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-10T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-04-10T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6848", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460119", "name": "RHBZ#2460119", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-22T09:06:19.958Z"}, "x_redhatCweChain": "CWE-613: Insufficient Session Expiration"}}, "cveMetadata": {"cveId": "CVE-2026-6848", "state": "PUBLISHED", "dateUpdated": "2026-04-22T12:55:24.902Z", "dateReserved": "2026-04-22T08:54:17.842Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-22T09:06:19.958Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials."}], "id": "CVE-2026-6848", "lastModified": "2026-04-22T10:16:52.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-22T10:16:52.347", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6848"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460119"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Davide Scrimieri (Red Hat).", "bugzilla": {"description": "quay: Red Hat Quay: Authentication bypass allows privileged actions without valid credentials", "id": "2460119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460119"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-613", "details": ["A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-6848", "package_state": [{"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-04-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6848\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6848"], "statement": "This Moderate impact flaw in Red Hat Quay allows an attacker with access to an idle authenticated browser session to bypass session reauthentication. This enables the execution of sensitive operations, such as token generation or robot account creation, without requiring valid credentials after a session timeout. This affects Red Hat Quay versions 3.9 through 3.17.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Quay 3", "source": "cna", "vendor": "Red Hat"}, "product": "quay_3", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-22T10:22:39.016821+00:00", "value": {"mitigation_remediation": ["Apply the latest Red\u00a0Hat Quay security update that addresses the re\u2011authentication bypass as soon as it is released.", "Configure Quay to enforce strict session expirations and require re\u2011authentication for every privileged operation; enable any available settings that block idle sessions from performing sensitive actions.", "Limit token generation and robot account creation to a restricted administrator role and monitor for anomalous activity to detect potential abuse."], "summary": {"action": "Assess Impact", "impact": "Authentication bypass that permits privileged actions without valid credentials"}, "threat_synthesis": {"affected_systems": "Red\u00a0Hat Quay (version 3). No specific sub\u2011versions are listed, so all installations of Quay 3 are considered potentially affected.", "description_and_impact": "A flaw in Red\u00a0Hat Quay allows a user with a timed\u2011out or idle authenticated session to bypass the re\u2011authentication prompt required for sensitive operations such as token generation or robot account creation. The vulnerability enables the execution of privileged actions without supplying a valid password, even though the user interface displays an error for invalid credentials. This represents an authentication bypass weakness (CWE\u2011613) that can grant unauthorized access to critical administrative functions.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a medium severity vulnerability, and the EPSS score is not available. It is not listed in the CISA KEV catalog. The likely attack vector involves an idle authenticated browser session or a session that has timed out. An attacker exploiting this flaw can perform privileged operations without presenting valid credentials, potentially allowing unauthorized creation of tokens or robot accounts, thereby escalating privileges or compromising downstream services."}}}}, "created": "2026-04-22T10:30:14.510777+00:00", "updated": "2026-04-22T11:43:43.879225+00:00", "vendors": ["redhat", "redhat$PRODUCT$quay_3"]}