CVE Catalog

CVE-2026-12566

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.

Risk Assessment

The organization may be exposed to man-in-the-middle attacks, which could lead to unauthorized access to systems and leakage of sensitive authentication data.

Recommendation

It is recommended to implement validation of the WWW-Authenticate header and to monitor communication with Docker registries to detect potential attacks.

Original NVD description (English source)

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS