Github.Com Distribution Distribution V3 vulnerabilities
2 known vulnerabilities affecting github.com/distribution_distribution_v3.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-35172HIGH≥ 0, < 3.1.02026-04-06
CVE-2026-35172 [HIGH] CWE-284 Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
## summary:
distribution can restore read access in `repo a` after an explicit delete when `storage.cache.blobdescriptor: redis` and `storage.delete.enabled: true` are both enabled. the delete path clears the shared digest descriptor but leaves stale repo-scoped membership b
ghsaosv
CVE-2026-33540MEDIUMCVSS 6.1≥ 0, < 3.1.02026-04-06
CVE-2026-33540 [MEDIUM] CWE-918 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
hi guys,
commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 (as-of 2026-01-31)
contact: GitHub Security Advisory (https://github.com/distribution/distribution/security/advisories/new)
## summary
in pull-through cache mode, distribution discovers token auth endpo
ghsaosv