All 3 CVE vulnerabilities found in distribution, with AI-generated Chinese analysis, references, and POCs.
Vendor: distribution
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35172 | Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation CWE-284 | 7.5 | High | 2026-04-06 |
| CVE-2026-33540 | Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm CWE-918 | 7.5 | High | 2026-04-06 |
| CVE-2025-24976 | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT CWE-639 | 8.8 | - | 2025-02-11 |
All 3 known CVE vulnerabilities affecting distribution with full Chinese analysis, references, and POCs where available.