CVE-2026-10078

Name: CVE-2026-10078
Creator: NVD / NIST
Published: 2026-05-29T11:16:16.663+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2.7/10EPSS 0.20%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in various system logs, such as server access logs, reverse proxy logs, and other monitoring systems. An attacker with access to these logs could potentially obtain these credentials, leading to unauthorized information disclosure.

Metrics

CVSS 3.1

2.7/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.20%

9.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-598

References

Timeline

Published: May 29, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-10078?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST