CVE-2026-10052

Name: CVE-2026-10052
Creator: NVD / NIST
Published: 2026-05-29T09:16:17.003+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.1/10EPSS 0.19%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure.

Metrics

CVSS 3.1

4.1/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

EPSS Probability

0.19%

8.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-918

References

https://access.redhat.com/security/cve/CVE-2026-10052
https://bugzilla.redhat.com/show_bug.cgi?id=2483157

Timeline

Published: May 29, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-10052?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST