CVE Database · CVE-2026-28909
CVSS v3.1
6.5
EPSS
0.20%
Published
Apr 30, 2026
Modified
May 4, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NWeaknesses (CWE)
Affected Products (1)
References (1)