CVE-2026-6848
Authentication Bypass in Red Hat Quay Enables Privileged Actions

Publication date: 2026-04-22

Last updated on: 2026-04-22

Assigner: Red Hat, Inc.

Description
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials.
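The gating defect the description implies, as an added illustration that is not Red Hat Quay's code: a weak handler whose failed re-verification only drives the UI error while the operation still runs, beside a hardened handler in which both session age and the verification result gate the action. All names (Session, verify_password, the *_create_robot functions) and the timeout value are hypothetical.

```python
"""Added example, not Red Hat Quay's code: a server-side re-authentication gate.
All names (Session, verify_password, *_create_robot) are hypothetical."""
import hashlib
import hmac
from dataclasses import dataclass, field

SESSION_TTL = 900  # assumed idle timeout in seconds

# Constructed sample credential store: user -> sha256(password) (toy hashing, demo only)
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def verify_password(user: str, password: str) -> bool:
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(password.encode()).hexdigest())


@dataclass
class Session:
    user: str
    last_seen: float  # time of the last request on this session
    audit: list = field(default_factory=list)


def weak_create_robot(session: Session, password: str, name: str, now: float) -> dict:
    """Mirrors the described flaw: the credential check only decides the UI message."""
    ok = verify_password(session.user, password)
    # Executes whether or not the password verified, and never looks at session age.
    session.audit.append(("robot_created", name))
    return {"created": True, "ui_error": None if ok else "invalid credentials"}


def hardened_create_robot(session: Session, password: str, name: str, now: float) -> dict:
    """Session freshness and the re-verification result both gate the action."""
    if now - session.last_seen > SESSION_TTL:
        return {"created": False, "ui_error": "session expired"}
    if not verify_password(session.user, password):
        session.audit.append(("reauth_failed", name))  # record the refusal for detection
        return {"created": False, "ui_error": "invalid credentials"}
    session.last_seen = now
    session.audit.append(("robot_created", name))
    return {"created": True, "ui_error": None}
```

The audit list is what a detection rule would key on: a "robot_created" entry with no preceding successful re-verification is exactly the signal the weak handler produces.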
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-22
Generated: 2026-05-06
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: red_hat
Product: quay
Version / Range: *
CWE
CWE-613: According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-6848 is a vulnerability in Red Hat Quay that allows a user or an attacker to bypass the password re-verification step required for sensitive operations.

When Red Hat Quay requests password re-verification for actions such as token generation or robot account creation, the re-authentication prompt can be bypassed. A user whose session has timed out, or an attacker with access to an idle authenticated browser session, can therefore trigger these operations without supplying valid credentials.

Although the user interface shows an error indicating invalid credentials, the sensitive operation is still executed in the background. This affects both the old and the new Quay user interfaces.


How can this vulnerability impact me?

This vulnerability can allow unauthorized users, or attackers with access to an idle authenticated session, to perform privileged actions without re-authenticating.

  • They can generate tokens or create robot accounts, sensitive operations that normally require password re-verification.
  • This could lead to unauthorized access to, or misuse of, resources within Red Hat Quay.

Because the user interface displays an error for invalid credentials while the operation nonetheless succeeds, users and administrators may be misled about the actual security state.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Red Hat Quay allows bypassing password re-verification for sensitive operations, enabling unauthorized privileged actions without valid credentials.

This unauthorized access to sensitive operations could potentially lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require strict access controls and authentication mechanisms to protect sensitive data and operations.

However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with these or other common standards and regulations.

