Browse all 3 CVE security advisories affecting distribution. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35172 | Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation — distributionCWE-284 | 7.5 | High | 2026-04-06 |
| CVE-2026-33540 | Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm — distributionCWE-918 | 7.5 | High | 2026-04-06 |
| CVE-2025-24976 | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT — distributionCWE-639 | 8.8 | - | 2025-02-11 |
This page lists every published CVE security advisory associated with distribution. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.