Zot's Dedupe Deception: How a Cache Feature Became an Authorization Bypass
Jan 3, 2026·9 min read·0 visits
Executive Summary (TL;DR)
Zot's deduplication feature, enabled by default, allowed authenticated users to steal container image layers from private repositories. By requesting a known blob digest in a repository they *did* have access to, they could trick Zot into copying the restricted blob from a global cache, bypassing all access control policies.
Zot, an OCI image registry, contains a critical authorization bypass vulnerability in its blob deduplication feature. Prior to version 2.1.0, an authenticated attacker with access to a single repository could read any blob from any other repository on the same instance, provided they knew the blob's digest. The flaw stemmed from the global cache, which would happily serve up blobs without verifying if the user was authorized to access the blob's original source repository, effectively turning a storage optimization feature into a data exfiltration vector.
Fix Analysis (1)
Technical Appendix
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NAffected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
zot project-zot | < 2.1.0 | 2.1.0 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-639 |
| CWE Name | Authorization Bypass Through User-Controlled Key |
| Attack Vector | Network |
| Privileges Required | Low (Authenticated User) |
| CVSS 3.1 Score | 4.3 (Medium) |
| Impact | Low Confidentiality (Information Disclosure) |
| Exploit Status | Proof-of-Concept |
| KEV Status | Not Listed |
MITRE ATT&CK Mapping
The software uses a user-controlled key or index to access, modify, or retrieve a resource, but it does not sufficiently validate the key, allowing an attacker to access unauthorized resources.
Vulnerability Timeline
Subscribe to updates
Get the latest CVE analysis reports delivered to your inbox.