[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#CVE-2026-50151

blogHIGH 7.5

Understanding the oras-go Credential Forwarding Vulnerability via Unvalidated Location Header

The oras-go library is vulnerable to a credential forwarding issue due to an unvalidated Location header during the monolithic blob upload flow. This allows an attacker to leak credentials to an attacker-controlled endpoint and perform client-side SSRF. The vulnerability affects versions prior to 2.6.1 and is tracked under CVE-2026-50151.

Jul 2, 20261 source