CVE-2026-12566
Published 2026-06-17
Priority: P4 (18) | Severity: Low | CVSS 3.1 base score: 3.1
CVSS 3.1 vector: AV:N / AC:H / PR:N / UI:R / S:U / C:L / I:N / A:N
EPSS: 0.17% (6.3rd percentile)
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| black_lantern_security | bbot | >= 2.0.0 < 2.8.5 | 2.8.5 |
| black_lantern_security | bbot | 2.0.0 – <=2.8.4 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
| cvelistv5 | 3.1 | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
GHSA (2026-06-18)
CVE-2026-12566 [LOW] CWE-20: BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
CVEList (cvelistv5, 2026-06-17, CVSS 3.1)
CVE-2026-12566 [LOW] CWE-918: SSRF via unvalidated WWW-Authenticate realm in docker_pull module
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-17