
CVE-2026-35172

Severity: High · Public PoC

Published: 06 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: available (Distribution 3.1.0)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0006 (19.4th percentile)
Risk Priority: 15 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-35172 is a high-severity Improper Access Control (CWE-284) vulnerability in Distribution, the open-source container registry toolkit (GitHub project distribution/distribution). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 19.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-35172 is a vulnerability in the Distribution toolkit, an open-source project for packing, shipping, storing, and delivering container content. In versions prior to 3.1.0, when configured with storage.cache.blobdescriptor set to redis and storage.delete.enabled set to true, the delete operation for a blob in one repository (repo A) clears the shared digest descriptor but leaves behind stale repo-scoped membership data. A subsequent Stat or Get operation on another repository (repo B) that references the same blob digest repopulates the shared descriptor, restoring read access to the deleted blob in repo A.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): network-reachable, low complexity, no privileges, no user interaction, with the impact confined to confidentiality (C:H, I:N, A:N). A client with network access to the Distribution instance triggers the restoration by issuing a Stat or Get for the same digest in repo B, after which the blob intentionally deleted from repo A (for example a layer of a sensitive container image) is readable from repo A again. Two preconditions follow from the mechanism: repo B must still link the same digest, and the client must be able to read both repo B and repo A under whatever access control the registry enforces. On a registry that requires authentication, the relevant attacker is therefore one who already holds pull rights on both repositories; the vector's PR:N reflects deployments that serve those reads unauthenticated.

The vulnerability is addressed in Distribution version 3.1.0. Additional details on the issue and mitigation are available in the GitHub security advisory at https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc.
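To make the cache interaction concrete, the following Go program is a small model written for this page; it is not Distribution's code and does not use its types. It keeps the two layers the advisory describes, a shared digest-to-descriptor map and a per-repository membership map, implements the pre-3.1.0 delete that clears only the shared descriptor, and a corrected delete that also drops the repository's membership entry. The field names, the key layout, the repository names repo-a and repo-b, and the digest value are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Descriptor is the blob metadata a registry caches per digest.
type Descriptor struct {
	MediaType string
	Size      int64
}

// ErrBlobUnknown is returned when a repository does not hold the digest.
var ErrBlobUnknown = errors.New("blob unknown to repository")

// Registry is a toy model of the two-layer blob-descriptor cache the advisory
// describes: one descriptor shared by every repository holding a digest, plus
// a per-repository membership set. Names and layout are assumptions made for
// this illustration, not Distribution's own types.
type Registry struct {
	storage    map[string]map[string]Descriptor // repo -> digest -> blob link (authoritative)
	shared     map[string]Descriptor            // digest -> descriptor, shared across repos
	membership map[string]map[string]bool       // repo -> digest -> "repo holds this blob"
	fixed      bool                             // true: Delete also drops repo membership
}

// NewRegistry builds an empty model; fixed selects pre- or post-3.1.0 delete behaviour.
func NewRegistry(fixed bool) *Registry {
	return &Registry{
		storage:    map[string]map[string]Descriptor{},
		shared:     map[string]Descriptor{},
		membership: map[string]map[string]bool{},
		fixed:      fixed,
	}
}

// Push links a blob into a repository (stands in for a real upload).
func (r *Registry) Push(repo, digest string, d Descriptor) {
	if r.storage[repo] == nil {
		r.storage[repo] = map[string]Descriptor{}
	}
	r.storage[repo][digest] = d
}

// cacheSet populates both cache layers, as a cache miss would.
func (r *Registry) cacheSet(repo, digest string, d Descriptor) {
	r.shared[digest] = d
	if r.membership[repo] == nil {
		r.membership[repo] = map[string]bool{}
	}
	r.membership[repo][digest] = true
}

// Stat answers "does repo hold digest?" from the cache first, then storage.
// A repo-scoped cache hit needs the membership entry AND the shared descriptor.
func (r *Registry) Stat(repo, digest string) (Descriptor, error) {
	if r.membership[repo][digest] {
		if d, ok := r.shared[digest]; ok {
			return d, nil // served from cache; storage is never consulted
		}
	}
	d, ok := r.storage[repo][digest]
	if !ok {
		return Descriptor{}, ErrBlobUnknown
	}
	r.cacheSet(repo, digest, d)
	return d, nil
}

// Delete unlinks the blob from repo and clears the cache. The pre-3.1.0
// behaviour clears only the shared descriptor; the fix also removes the
// repository's membership entry so a later repopulation cannot revive it.
func (r *Registry) Delete(repo, digest string) {
	delete(r.storage[repo], digest)
	delete(r.shared, digest)
	if r.fixed {
		delete(r.membership[repo], digest)
	}
}

// ReadableAfterDelete replays the advisory's sequence (warm cache, delete in
// repo A, Stat from repo B, Stat from repo A) and reports whether repo A can
// still read the blob it deleted.
func ReadableAfterDelete(fixed bool) bool {
	const digest = "sha256:aaaa" // constructed digest
	layer := Descriptor{MediaType: "application/vnd.oci.image.layer.v1.tar+gzip", Size: 4096}
	r := NewRegistry(fixed)
	r.Push("repo-a", digest, layer)
	r.Push("repo-b", digest, layer) // same content linked in two repositories
	r.Stat("repo-a", digest)        // warm the cache for repo A
	r.Delete("repo-a", digest)      // explicit delete from repo A
	r.Stat("repo-b", digest)        // repo B misses and repopulates the shared descriptor
	_, err := r.Stat("repo-a", digest)
	return err == nil
}

func main() {
	fmt.Println("pre-3.1.0 model, repo A readable after delete:", ReadableAfterDelete(false)) // true
	fmt.Println("fixed model, repo A readable after delete:", ReadableAfterDelete(true))      // false
}
```

The model shows why clearing the shared descriptor alone is not enough: the stale membership entry for repo A turns the next cross-repository cache miss into a cache hit for repo A. For operators, exposure is decided by the registry's config.yml: the vulnerable combination is storage.cache.blobdescriptor: redis together with storage.delete.enabled: true on any version prior to 3.1.0.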


Vulnerability details

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0.

CWE(s)

CWE-284 Improper Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Vulnerability in public-facing Distribution registry service allows unauthenticated remote exploitation to restore and access deleted sensitive blobs.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-39339 (shared CWE-284)
CVE-2026-46839 (shared CWE-284)
CVE-2025-26010 (shared CWE-284)
CVE-2026-34291 (shared CWE-284)
CVE-2023-47539 (shared CWE-284)
CVE-2026-23899 (shared CWE-284)
CVE-2025-7016 (shared CWE-284)
CVE-2026-46822 (shared CWE-284)
CVE-2024-37566 (shared CWE-284)
CVE-2026-30689 (shared CWE-284)

Affected Assets

distribution/distribution
Versions prior to 3.1.0 (< 3.1.0); 3.1.0 contains the fix

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly remediates the vulnerability by requiring timely patching to Distribution version 3.1.0, which fixes the blob deletion logic that left stale repo-scoped membership data in the Redis cache.

SC-4 Information in Shared System Resources (prevent): Prevents unauthorized restoration of deleted blobs via the shared Redis cache by isolating or sanitizing shared resources such as blob descriptors, so that one repository's cache activity cannot revive another repository's deleted entries.

Repository access authorization (prevent): Enforces repository-specific access authorizations so that read access to a deleted blob is denied even if cross-repository cache repopulation occurs.

References

GitHub Security Advisory GHSA-f2g3-hh2r-cwgc: https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc