CVE-2026-12566
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.
Risk Assessment
The organization may be exposed to man-in-the-middle attacks, which could lead to unauthorized access to systems and leakage of sensitive authentication data.
Recommendation
It is recommended to implement validation of the WWW-Authenticate header and to monitor communication with Docker registries to detect potential attacks.
Original NVD description (English source)
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.

