diff --git a/pkg/api/config/config.go b/pkg/api/config/config.go
index 12892a65..18899e1a 100644
--- a/pkg/api/config/config.go
+++ b/pkg/api/config/config.go
@@ -340,6 +340,10 @@ func (c *Config) IsLdapAuthEnabled() bool {
 	return false
 }
 
+func (c *Config) IsAuthzEnabled() bool {
+	return c.HTTP.AccessControl != nil
+}
+
 func (c *Config) IsMTLSAuthEnabled() bool {
 	if c.HTTP.TLS != nil &&
 		c.HTTP.TLS.Key != "" &&
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index 5dc29f2a..1314f5f5 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -879,13 +879,11 @@ func canMount(userAc *reqCtx.UserAccessControl, imgStore storageTypes.ImageStore
 ) (bool, error) {
 	canMount := true
 
-	// authz enabled
 	if userAc != nil {
 		canMount = false
 
 		repos, err := imgStore.GetAllDedupeReposCandidates(digest)
 		if err != nil {
-			// first write
 			return false, err
 		}
 
@@ -943,9 +941,12 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
 		return
 	}
 
-	userCanMount, err := canMount(userAc, imgStore, digest)
-	if err != nil {
-		rh.c.Log.Error().Err(err).Msg("unexpected error")
+	userCanMount := true
+	if rh.c.Config.IsAuthzEnabled() {
+		userCanMount, err = canMount(userAc, imgStore, digest)
+		if err != nil {
+			rh.c.Log.Error().Err(err).Msg("unexpected error")
+		}
 	}
 
 	var blen int64
@@ -963,7 +964,7 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
 
 	if err != nil {
 		details := zerr.GetDetails(err)
-		if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain
+		if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic,dupl // errorslint conflicts with gocritic:IfElseChain
 			details["digest"] = digest.String()
 			e := apiErr.NewError(apiErr.DIGEST_INVALID).AddDetail(details)
 			zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
@@ -1254,9 +1255,12 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
 			return
 		}
 
-		userCanMount, err := canMount(userAc, imgStore, mountDigest)
-		if err != nil {
-			rh.c.Log.Error().Err(err).Msg("unexpected error")
+		userCanMount := true
+		if rh.c.Config.IsAuthzEnabled() {
+			userCanMount, err = canMount(userAc, imgStore, mountDigest)
+			if err != nil {
+				rh.c.Log.Error().Err(err).Msg("unexpected error")
+			}
 		}
 
 		// zot does not support cross mounting directly and do a workaround creating using hard link.
diff --git a/pkg/storage/imagestore/imagestore.go b/pkg/storage/imagestore/imagestore.go
index d07d5de4..8bec91fe 100644
--- a/pkg/storage/imagestore/imagestore.go
+++ b/pkg/storage/imagestore/imagestore.go
@@ -1121,6 +1121,10 @@ func (is *ImageStore) GetAllDedupeReposCandidates(digest godigest.Digest) ([]str
 		return nil, err
 	}
 
+	if is.cache == nil {
+		return nil, nil
+	}
+
 	is.RLock(&lockLatency)
 	defer is.RUnlock(&lockLatency)