CVE-2026-33540
Published: 06 April 2026
Summary
CVE-2026-33540 is a high-severity SSRF (CWE-918) vulnerability in Distribution (vendor: Distribution Project). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 12.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): requires system-enforced validation of untrusted inputs such as WWW-Authenticate realm URLs, ensuring they match the configured upstream registry host and so directly preventing SSRF-induced credential leakage.
- SI-2 (Flaw Remediation): mandates identification, reporting, and timely remediation of software flaws such as this one, here by upgrading Distribution to version 3.1.0.
- Boundary protection: monitors and controls communications at system boundaries to restrict outbound requests to unauthorized, attacker-controlled realm URLs.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
SSRF in a network-exposed Distribution registry enables remote, unauthenticated theft of upstream auth material (T1190 for initial exploitation of the service; T1528 for the resulting theft of application/registry access tokens).
NVD Description
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used without validating that it matches the upstream registry host. As a result, an attacker-controlled upstream (or an attacker with MitM position to the upstream) can cause distribution to send the configured upstream credentials via basic auth to an attacker-controlled realm URL. This vulnerability is fixed in 3.1.0.
Deeper analysis [AI]
CVE-2026-33540 affects the Distribution toolkit, an open-source project used to pack, ship, store, and deliver container content, specifically versions prior to 3.1.0. In pull-through cache mode, Distribution discovers token authentication endpoints by parsing WWW-Authenticate challenges from the configured upstream registry. However, it uses the realm URL extracted from a bearer challenge without validating that it matches the upstream registry host, enabling potential credential leakage.
An attacker who controls the upstream registry or holds a man-in-the-middle (MitM) position to it can exploit this vulnerability. By crafting a malicious WWW-Authenticate challenge, the attacker can trick Distribution into sending the configured upstream credentials via basic authentication to an attacker-controlled realm URL. This results in high confidentiality impact (CVSS 7.5: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), classified under CWE-918 (Server-Side Request Forgery), allowing remote, unauthenticated attackers to steal credentials without requiring user interaction.
The GitHub security advisory (GHSA-3p65-76g6-3w7r) confirms the issue is fixed in Distribution version 3.1.0, recommending an upgrade to mitigate the vulnerability. No additional workarounds are specified in the provided references.
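The check that the NVD text and the analysis above describe as missing, shown as an added Go example (Distribution itself is written in Go). This is illustrative code written for this page, not Distribution's own challenge parser and not the 3.1.0 fix, whose exact policy the page does not describe. The host names, header values and the `extraAuthHosts` allowlist parameter are constructed assumptions; the realm-host allowlist defaults to the configured upstream host, which is the validation the advisory calls for.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// BearerChallenge holds a parsed WWW-Authenticate: Bearer challenge.
type BearerChallenge struct {
	Realm  string            // token endpoint URL; the value this CVE concerns
	Params map[string]string // realm, service, scope, ... as sent by the upstream
}

// splitParams splits "k=v,k=v" on commas that are not inside double quotes.
func splitParams(s string) []string {
	var parts []string
	var cur strings.Builder
	inQuote := false
	for _, r := range s {
		switch {
		case r == '"':
			inQuote = !inQuote
			cur.WriteRune(r)
		case r == ',' && !inQuote:
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	if cur.Len() > 0 {
		parts = append(parts, cur.String())
	}
	return parts
}

// ParseBearerChallenge is a minimal parser written for this example (not the project's own).
func ParseBearerChallenge(header string) (BearerChallenge, error) {
	ch := BearerChallenge{Params: map[string]string{}}
	const prefix = "bearer "
	if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return ch, errors.New("not a Bearer challenge")
	}
	for _, kv := range splitParams(header[len(prefix):]) {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return ch, fmt.Errorf("malformed challenge parameter %q", kv)
		}
		ch.Params[strings.ToLower(strings.TrimSpace(k))] = strings.Trim(strings.TrimSpace(v), `"`)
	}
	if ch.Realm = ch.Params["realm"]; ch.Realm == "" {
		return ch, errors.New("challenge carries no realm")
	}
	return ch, nil
}

// ValidateRealm is the missing check: the realm must be an HTTPS URL whose host is
// on the allowlist. Requiring HTTPS is a policy choice made for this example.
func ValidateRealm(realm string, allowedHosts []string) error {
	ru, err := url.Parse(realm)
	if err != nil {
		return fmt.Errorf("realm is not a valid URL: %w", err)
	}
	if ru.Scheme != "https" {
		return fmt.Errorf("realm scheme %q is not https", ru.Scheme)
	}
	for _, h := range allowedHosts {
		if strings.EqualFold(ru.Hostname(), h) {
			return nil
		}
	}
	return fmt.Errorf("realm host %q is not an allowed auth host", ru.Hostname())
}

// TokenEndpointForChallenge is the decision point a pull-through cache reaches before
// sending upstream credentials: the realm is returned only if it validates against the
// configured upstream host plus any explicitly configured auth hosts (assumed parameter).
func TokenEndpointForChallenge(header, upstream string, extraAuthHosts []string) (string, error) {
	uu, err := url.Parse(upstream)
	if err != nil || uu.Hostname() == "" {
		return "", fmt.Errorf("invalid upstream URL %q", upstream)
	}
	ch, err := ParseBearerChallenge(header)
	if err != nil {
		return "", err
	}
	if err := ValidateRealm(ch.Realm, append([]string{uu.Hostname()}, extraAuthHosts...)); err != nil {
		return "", err
	}
	return ch.Realm, nil
}

func main() {
	// Constructed challenge from a hostile upstream; all hosts are placeholders.
	hostile := `Bearer realm="https://attacker.example.test/token",service="registry.example.test"`
	if _, err := TokenEndpointForChallenge(hostile, "https://registry.example.test", nil); err != nil {
		fmt.Println("refusing to send upstream credentials:", err)
	}
}
```

The allowlist is deliberately explicit configuration rather than a guess: some public registries legitimately serve tokens from a host other than the registry itself, so an operator must be able to name that host, while anything not named (including the same host over plain HTTP) is refused before any credential leaves the cache. A refusal at this point is also a useful detection signal, since a realm outside the configured hosts means the upstream, or someone between the cache and the upstream, is steering the token request elsewhere.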
Details
- CWE(s)