CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a5137bc1	Patch
https://github.com/amir20/dozzle/releases/tag/v9.0.3	Product Release Notes
https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r557-5rc5	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:amirraminfar:dozzle:*:*:*:*:*:docker:*:*

History

No history.

Information

Published : 2026-01-27 21:16

Updated : 2026-02-19 21:30

NVD link : CVE-2026-24740

Mitre link : CVE-2026-24740

CVE.ORG link : CVE-2026-24740

JSON object : View

Products Affected

amirraminfar

dozzle

CWE

CWE-284

Improper Access Control

CWE-863

Incorrect Authorization

{"id": "CVE-2026-24740", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-27T21:16:03.277", "references": [{"url": "https://github.com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a5137bc1", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/amir20/dozzle/releases/tag/v9.0.3", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r557-5rc5", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle\u2019s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out\u2011of\u2011scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue."}, {"lang": "es", "value": "Dozzle es un visor de logs en tiempo real para contenedores Docker. Antes de la versi\u00f3n 9.0.3, una falla en los puntos finales de shell respaldados por agente de Dozzle permite a un usuario restringido por filtros de etiquetas (por ejemplo, 'label=env=dev') obtener un shell root interactivo en contenedores fuera de alcance (por ejemplo, 'env=prod') en el mismo host de agente al apuntar directamente a sus IDs de contenedor. La versi\u00f3n 9.0.3 contiene un parche para el problema."}], "lastModified": "2026-02-19T21:30:24.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amirraminfar:dozzle:*:*:*:*:*:docker:*:*", "vulnerable": true, "matchCriteriaId": "A95FD36E-EB83-4D34-9E97-94EA954B4AAF", "versionEndExcluding": "9.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}