Cyber Resilience

CVE-2026-33540

Severity: High · Public PoC
Published: 06 April 2026
Modified: 09 April 2026
KEV Added: not listed
Patch: fixed in version 3.1.0
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0006 (17.5th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-33540 is a high-severity SSRF (CWE-918) vulnerability in Distribution (vendor: distribution project), the open-source container registry toolkit. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-33540 affects the Distribution toolkit, an open-source project used to pack, ship, store, and deliver container content, specifically versions prior to 3.1.0. In pull-through cache mode, Distribution discovers token authentication endpoints by parsing WWW-Authenticate challenges from the configured upstream registry. However, it uses the realm URL extracted from a bearer challenge without validating that it matches the upstream registry host, enabling potential credential leakage.

An attacker who controls the upstream registry or holds a man-in-the-middle (MitM) position to it can exploit this vulnerability. By crafting a malicious WWW-Authenticate challenge, the attacker can trick Distribution into sending the configured upstream credentials via basic authentication to an attacker-controlled realm URL. This results in high confidentiality impact (CVSS 7.5: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), classified under CWE-918 (Server-Side Request Forgery), allowing remote, unauthenticated attackers to steal credentials without requiring user interaction.

The GitHub security advisory (GHSA-3p65-76g6-3w7r) confirms the issue is fixed in Distribution version 3.1.0, recommending an upgrade to mitigate the vulnerability. No additional workarounds are specified in the provided references.

Vulnerability details

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used without validating that it matches the upstream registry host. As a result, an attacker-controlled upstream (or an attacker with MitM position to the upstream) can cause distribution to send the configured upstream credentials via basic auth to an attacker-controlled realm URL. This vulnerability is fixed in 3.1.0.
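The check that the advisory describes as missing before 3.1.0 is straightforward to state in code: parse the upstream's Bearer challenge, then refuse to use the realm unless its host is the configured upstream registry host. The Go below is an added example written for this page, not Distribution's own code; it also illustrates the SI-10 input-validation control listed under Mitigating Controls. The function names, the optional allowlist of separately configured token-server hosts, the requirement that the realm use https, and the sample challenges under the reserved example.test domain are all this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// BearerChallenge holds the parameters of a "Bearer" WWW-Authenticate challenge
// as used by the registry token flow.
type BearerChallenge struct {
	Realm   string
	Service string
	Scope   string
}

// splitParams splits a parameter list on commas that are not inside double
// quotes, so a scope such as "repository:x:pull,push" survives intact.
func splitParams(s string) []string {
	var parts []string
	var cur strings.Builder
	inQuote := false
	for _, r := range s {
		switch {
		case r == '"':
			inQuote = !inQuote
			cur.WriteRune(r)
		case r == ',' && !inQuote:
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	return append(parts, cur.String())
}

// ParseBearerChallenge extracts realm, service and scope from a
// WWW-Authenticate header value (hypothetical helper for this example).
func ParseBearerChallenge(header string) (*BearerChallenge, error) {
	const prefix = "bearer "
	if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return nil, errors.New("not a Bearer challenge")
	}
	ch := &BearerChallenge{}
	for _, part := range splitParams(header[len(prefix):]) {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) != 2 {
			continue
		}
		val := strings.Trim(strings.TrimSpace(kv[1]), `"`)
		switch strings.ToLower(strings.TrimSpace(kv[0])) {
		case "realm":
			ch.Realm = val
		case "service":
			ch.Service = val
		case "scope":
			ch.Scope = val
		}
	}
	if ch.Realm == "" {
		return nil, errors.New("challenge carries no realm")
	}
	return ch, nil
}

// ValidateRealm enforces the missing check: the realm host must equal the
// configured upstream host (or an explicitly allowlisted token-server host),
// and the realm must be https so basic-auth credentials never travel in clear
// text. The allowlist and https rule are assumptions of this example.
func ValidateRealm(upstreamURL, realm string, allowedAuthHosts []string) error {
	up, err := url.Parse(upstreamURL)
	if err != nil {
		return fmt.Errorf("invalid upstream URL: %w", err)
	}
	r, err := url.Parse(realm)
	if err != nil {
		return fmt.Errorf("invalid realm URL: %w", err)
	}
	if !strings.EqualFold(r.Scheme, "https") {
		return fmt.Errorf("realm %q: scheme %q is not https", realm, r.Scheme)
	}
	host := r.Hostname()
	if strings.EqualFold(host, up.Hostname()) {
		return nil
	}
	for _, allowed := range allowedAuthHosts {
		if strings.EqualFold(host, allowed) {
			return nil
		}
	}
	return fmt.Errorf("realm host %q does not match upstream host %q and is not allowlisted", host, up.Hostname())
}

// TokenEndpointFor returns the realm only when it passes ValidateRealm;
// upstream credentials must never be sent to a realm rejected here.
func TokenEndpointFor(upstreamURL, wwwAuthenticate string, allowedAuthHosts []string) (string, error) {
	ch, err := ParseBearerChallenge(wwwAuthenticate)
	if err != nil {
		return "", err
	}
	if err := ValidateRealm(upstreamURL, ch.Realm, allowedAuthHosts); err != nil {
		return "", err
	}
	return ch.Realm, nil
}

func main() {
	// Constructed challenges: one legitimate, one pointing the realm at a foreign host.
	upstream := "https://registry.example.test"
	for _, c := range []string{
		`Bearer realm="https://registry.example.test/token",service="registry.example.test",scope="repository:library/alpine:pull,push"`,
		`Bearer realm="https://other.example.test/token",service="registry.example.test"`,
	} {
		if realm, err := TokenEndpointFor(upstream, c, nil); err != nil {
			fmt.Println("REJECT:", err)
		} else {
			fmt.Println("ACCEPT:", realm)
		}
	}
}
```

The comparison is on the host name only, so an upstream on a non-default port still matches a realm on the same host. Deployments whose upstream legitimately issues tokens from a separate host need that host in the allowlist rather than a relaxation of the check; an empty allowlist is the safe default.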

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1528 Steal Application Access Token (Credential Access)
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Why these techniques?

SSRF in network-exposed Distribution registry enables remote unauthenticated credential theft of upstream auth material (T1190 for initial exploitation of the service; T1528 for resulting theft of application/registry access tokens).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34076 (shared CWE-918)
CVE-2026-6514 (shared CWE-918)
CVE-2026-44116 (shared CWE-918)
CVE-2026-21887 (shared CWE-918)
CVE-2026-31910 (shared CWE-918)
CVE-2026-48153 (shared CWE-918)
CVE-2026-45298 (shared CWE-918)
CVE-2025-7759 (shared CWE-918)
CVE-2026-39362 (shared CWE-918)
CVE-2026-31989 (shared CWE-918)

Affected Assets

Vendor: distribution project · Product: distribution · Versions: ≤ 3.1.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)
Requires system-enforced validation of untrusted inputs such as WWW-Authenticate realm URLs, ensuring they match the configured upstream registry host and directly preventing SSRF-induced credential leakage.

SI-2 Flaw Remediation (prevent)
Mandates identification, reporting, and timely remediation of software flaws such as this one, here by upgrading Distribution to version 3.1.0.

Boundary protection (prevent, detect; the page gives no control ID, the description corresponds to SC-7 Boundary Protection)
Monitors and controls communications at system boundaries to block outbound requests to unauthorized realm URLs, including those controlled by attackers.

References