VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/distribution/distribution/v3

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-35172 high 7.5 7.5 2mo ago Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation debiansusegolang
CVE-2026-41888 medium 6.5 6.5 14d ago Distribution's tag deletion bypasses `storage.delete.enabled` configuration debiansusegolang
CVE-2026-33540 unknown 2mo ago Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm debiansusegolang