CVE-2026-48978 | oras-project oras-go up to 2.6.0 Client client.go Client.Do server-side request forgery

SecurityVulns

A vulnerability described as critical has been identified in oras-project oras-go up to 2.6.0. This issue affects the function Client.Do of the file registry/remote/auth/client.go of the component Client. The manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-48978. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More