Pull-through cache bug leaks upstream registry credentials
TL;DR — A pull-through cache auth flaw in distribution can send upstream registry credentials to attacker-controlled token realm URLs by trusting WWW-Authenticate challenges from upstream.
What happened
distribution is a toolkit to pack, ship, store, and deliver container content.
CVE-2026-33540 describes a credential exfiltration issue in distribution when running in pull-through cache mode. In this mode, distribution discovers token authentication endpoints by parsing upstream WWW-Authenticate challenges; the problem is that the realm URL from a bearer challenge is used without validating that it matches the configured upstream registry host.
As a result, an attacker-controlled upstream registry (or an attacker with a MitM position to the upstream) can cause distribution to send the configured upstream credentials via HTTP Basic auth to an attacker-controlled realm URL.
The CVE record reports CVSS v3.1 base score 7.5 (High) and includes CISA ADP enrichment indicating exploitation status as PoC and automatable, which is a strong signal this is practical in real-world proxy-cache deployments.
Who is impacted
- Deployments using `distribution` in pull-through cache mode.
- Environments where upstream registry credentials are configured in the proxy cache and could be disclosed if sent to an attacker-controlled `realm`.
| Item | Source value |
|---|---|
| Affected product | distribution |
| Affected versions | < 3.1.0 |
| Fixed version | 3.1.0 |
| Severity | CVSS v3.1 7.5 (High) |
| Weakness | CWE-918 (SSRF) |
What to do now
- Follow vendor remediation guidance and apply the fixed release.
"This vulnerability is fixed in 3.1.0."
- Inventory where `distribution` is deployed as a pull-through cache (CI/CD registries, edge proxies, internal mirrors) and prioritize any internet-reachable or third-party-upstream configurations.
- Treat upstream credentials as potentially exposed if compromise is suspected:
  - rotate the upstream registry credentials configured for the cache
  - review outbound requests from the cache for unexpected token service hosts (unexpected `realm` destinations)
- Reduce the blast radius of proxy auth edge cases, which will keep occurring:
  - use least-privilege credentials for upstream pulls (avoid reusing broad environment/cloud credentials for registry auth)
  - ensure upstream connections use authenticated, integrity-protected transport (TLS with certificate verification) to reduce MitM feasibility
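The validation gap described under "What happened", and the egress review step above, as an added example in Go (distribution's own language). This is not distribution's code and does not reproduce the 3.1.0 fix: the challenge parser, the `upstreamHost`/allowlist policy, the `rejectedRealms` audit helper and the sample challenge headers are all constructed for illustration. It contrasts the flawed pattern (use whatever realm the upstream advertises) with a policy that refuses to send credentials unless the realm is an https URL on the configured upstream host or an operator-approved token-service host, and runs that same policy over a list of observed challenges to flag the realms that would have leaked credentials.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Matches the key="value" parameters of a bearer challenge. Quoted values may
// contain commas (scope="repository:a/b:pull,push"), which is why the header is
// not simply split on ','. Hypothetical parser written for this example, not
// distribution's own code.
var challengeParam = regexp.MustCompile(`(\w+)="([^"]*)"`)

// parseBearerChallenge turns a WWW-Authenticate value such as
//   Bearer realm="https://auth.example/token",service="example",scope="repository:a/b:pull"
// into lower-cased key/value parameters.
func parseBearerChallenge(header string) (map[string]string, error) {
	scheme, rest, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return nil, errors.New("not a bearer challenge")
	}
	params := map[string]string{}
	for _, m := range challengeParam.FindAllStringSubmatch(rest, -1) {
		params[strings.ToLower(m[1])] = m[2]
	}
	if _, ok := params["realm"]; !ok {
		return nil, errors.New("bearer challenge has no realm")
	}
	return params, nil
}

// realmUnvalidated is the flawed pattern the advisory describes: whatever realm
// the upstream advertises is the URL the configured credentials are sent to.
func realmUnvalidated(params map[string]string) string {
	return params["realm"]
}

// realmValidated accepts the realm only if it is https and its host is the
// configured upstream registry hostname or one of an operator-maintained
// allowlist of token-service hostnames (many registries issue tokens from a
// host other than the registry itself). Hostnames are compared without ports.
func realmValidated(params map[string]string, upstreamHost string, allowedRealmHosts []string) (string, error) {
	realm := realmUnvalidated(params)
	u, err := url.Parse(realm)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return "", fmt.Errorf("realm %q is not an https URL; refusing to send credentials", realm)
	}
	for _, h := range append([]string{upstreamHost}, allowedRealmHosts...) {
		if strings.EqualFold(u.Hostname(), h) {
			return realm, nil
		}
	}
	return "", fmt.Errorf("realm host %q is neither upstream %q nor an allowed token service", u.Hostname(), upstreamHost)
}

// rejectedRealms applies the same check to challenge headers an operator has
// collected (for example from cache egress logs) and returns the realms that an
// unpatched cache would have sent credentials to but the policy rejects.
func rejectedRealms(headers []string, upstreamHost string, allowedRealmHosts []string) []string {
	var rejected []string
	for _, h := range headers {
		params, err := parseBearerChallenge(h)
		if err != nil {
			continue // not a bearer challenge, so no credentials would be sent
		}
		if _, err := realmValidated(params, upstreamHost, allowedRealmHosts); err != nil {
			rejected = append(rejected, realmUnvalidated(params))
		}
	}
	return rejected
}

func main() {
	// Constructed sample challenges, not captured traffic. The second and third
	// are the shapes a hostile or tampered upstream could return.
	observed := []string{
		`Bearer realm="https://auth.upstream.example/token",service="upstream.example",scope="repository:library/alpine:pull"`,
		`Bearer realm="https://collector.attacker.example/token",service="upstream.example"`,
		`Bearer realm="http://auth.upstream.example/token",service="upstream.example"`,
	}
	allowed := []string{"auth.upstream.example"}
	for _, h := range observed {
		params, _ := parseBearerChallenge(h)
		_, err := realmValidated(params, "upstream.example", allowed)
		fmt.Printf("unvalidated would send credentials to %s\n  validated: %v\n", realmUnvalidated(params), err)
	}
	fmt.Println("rejected realms:", rejectedRealms(observed, "upstream.example", allowed))
}
```

The allowlist exists because a bare "realm host must equal upstream host" rule would break registries whose token service lives on a separate hostname; the operator states explicitly which token hosts may receive the cache's credentials, and anything else, including a plain-http realm on an otherwise trusted host, is refused.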
