CVE-2026-11569 – Quay: quay: stored xss via filedrop svg upload

CVE ID :CVE-2026-11569

Published : June 8, 2026, 12:16 p.m. | 16 minutes ago

Description :A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting when a victim visits the archive URL.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11521 – Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

CVE-2026-43973 – gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

CVE-2026-43972 – gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

CVE-2026-43974 – gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM