CVE-2026-50151 | oras-project oras-go up to 2.6.0 BlobStore repository.go completePushAfterInitialPost improper authorization
A vulnerability classified as problematic has been found in oras-project oras-go up to 2.6.0. Impacted is the function completePushAfterInitialPost of the file registry/remote/repository.go of the component BlobStore. This manipulation causes improper authorization.
This vulnerability is registered as CVE-2026-50151. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More