GHSA-xf85-363p-868w: oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens
Summary
oras-go (a tool for working with container registries) didn't validate where it sent credential requests when a registry gave it a new URL in its response. This allowed a malicious registry to trick the tool into either sending credentials over unencrypted connections (defeating HTTPS security) or probing internal network endpoints like cloud metadata services (SSRF, or server-side request forgery, where a program makes requests to places the user didn't intend).
Solution / Mitigation
The patch in `registry/remote/auth/client.go` now rejects realm URLs that use schemes other than http or https, use http when the registry was contacted over https (TLS downgrade), or use IP addresses in loopback, link-local, private, or unspecified ranges unless the registry itself was reached at that same hostname. Cross-host realms on public DNS names continue to be accepted.
Vulnerability Details
EPSS: 0.0%
Yes
July 1, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-xf85-363p-868w
First tracked: July 1, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%