CVE-2026-28909 | THREATINT

Description

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

PUBLISHED Reserved 2026-03-03 | Published 2026-04-30 | Updated 2026-04-30 | Assigner apple

Problem types

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext.

Product status

0.12.1 (custom) before 0.12.3

affected

References

github.com/...tainer/security/advisories/GHSA-m5rp-xcpf-r8m7

cve.org (CVE-2026-28909)

nvd.nist.gov (CVE-2026-28909)

Download JSON