CVE-2026-44985
9.6 CRITICAL · Dozzle is a realtime log viewer for docker containers
Published: 2026-05-26 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 9.6 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- CWE
- CWE-346
Affected products
| Vendor | Product |
|---|---|
| amirraminfar | dozzle |
Description
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking (CSWSH). An attacker hosting a page on a same-site origin (e.g., a sibling subdomain, or another service on localhost) can initiate a WebSocket connection to the exec endpoint that carries the victim's valid JWT cookie, gaining interactive shell access in any container the victim is authorized to access. This vulnerability is fixed in 10.5.2.
Source: NVD
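The permissive CheckOrigin the description quotes beside a same-origin check that refuses a sibling-subdomain or other-port origin, as an added illustration in Go (standard library only, not Dozzle's code); the hostnames, cookie name and token value are constructed placeholders.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// permissiveCheckOrigin is the pattern the advisory describes: every Origin is
// accepted, so any page the browser will send the JWT cookie to (SameSite=Lax:
// sibling subdomains, other localhost ports) can finish the /exec handshake.
func permissiveCheckOrigin(*http.Request) bool { return true }

// strictCheckOrigin admits the handshake only when Origin names the host:port
// the request was addressed to. Browsers always send Origin on a WebSocket
// handshake, so a cross-site page is refused whatever cookies it carries; a
// request with no Origin (non-browser client, no victim cookie jar) is allowed.
func strictCheckOrigin(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" { // also rejects the literal "null" origin
		return false
	}
	return strings.EqualFold(u.Host, r.Host)
}

// newHandshake builds a constructed upgrade request as a browser running on
// origin would send it to target, with a placeholder session cookie attached.
func newHandshake(target, origin string) *http.Request {
	r, _ := http.NewRequest(http.MethodGet, target, nil)
	r.Host = r.URL.Host // a server-side request carries the Host header here
	r.Header.Set("Origin", origin)
	r.AddCookie(&http.Cookie{Name: "jwt", Value: "PLACEHOLDER_TOKEN"})
	return r
}

func main() {
	for _, c := range [][2]string{
		{"http://dozzle.example.com/exec", "http://dozzle.example.com"}, // same origin
		{"http://dozzle.example.com/exec", "http://other.example.com"},  // sibling subdomain
		{"http://localhost:8080/exec", "http://localhost:9000"},          // other local port
	} {
		r := newHandshake(c[0], c[1])
		fmt.Printf("origin %-26s permissive=%v strict=%v\n", c[1], permissiveCheckOrigin(r), strictCheckOrigin(r))
	}
}
```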
Related CVEs
Same vendor
- CVE-2026-45298 — Dozzle is a realtime log viewer for docker containers (8.6 HIGH)
Same CWE
- CVE-2026-42558 — Xibo is an open source digital signage platform with a web content management system and Windows display player software (7.6 HIGH)
- CVE-2026-10846 — NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query...
- CVE-2026-44755 — SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated use... (4.3 MEDIUM)
- CVE-2026-11693 — Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the render... (8.1 HIGH)
- CVE-2026-43972 — Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUS...