CVE-2026-44985
Cross-Site WebSocket Hijacking in Dozzle
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dozzle | dozzle | 10.5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to gain interactive shell access to any container the victim is authorized to access by exploiting Cross-Site WebSocket Hijacking (CSWSH). Such unauthorized access to containerized environments can lead to exposure or manipulation of sensitive data.
As a result, this vulnerability could impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls over access to sensitive personal and health information. Unauthorized access could lead to data breaches, violating confidentiality and integrity requirements mandated by these regulations.
Can you explain this vulnerability to me?
This vulnerability affects Dozzle, a real-time log viewer for Docker containers, in versions prior to 10.5.2. The WebSocket upgrader for the /exec and /attach endpoints uses a CheckOrigin function that always returns true, so it accepts WebSocket upgrade requests from any origin. Combined with the JWT cookie being set with SameSite: Lax, this allows Cross-Site WebSocket Hijacking (CSWSH): because a Lax cookie is still sent to same-site requests, an attacker hosting a page on a same-site origin (such as a sibling subdomain or another service on localhost) can initiate a WebSocket connection to the exec endpoint that carries the victim's valid JWT cookie, and the missing origin check lets the handshake succeed. This grants the attacker interactive shell access to any container the victim is authorized to access.
This vulnerability was fixed in Dozzle version 10.5.2.
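The two CheckOrigin behaviours side by side, as an added Go example that is not Dozzle's own code: `vulnerableCheckOrigin` is the accept-everything function described above, and `newOriginChecker` is a hardened replacement in the `func(*http.Request) bool` shape that Go WebSocket upgraders such as gorilla/websocket expect. The host name, request path and cookie value are constructed placeholders, not Dozzle's real route.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// vulnerableCheckOrigin reproduces the pre-10.5.2 behaviour: every Origin is
// accepted, so a same-site page can complete the /exec handshake with the
// victim's SameSite=Lax JWT cookie attached by the browser.
func vulnerableCheckOrigin(r *http.Request) bool { return true }

// newOriginChecker accepts an upgrade only when Origin (scheme + host[:port])
// exactly matches an allowed origin. A missing or unparsable Origin is rejected
// because browsers always send Origin on a WebSocket handshake.
func newOriginChecker(allowed []string) func(*http.Request) bool {
	set := make(map[string]struct{}, len(allowed))
	for _, a := range allowed {
		set[strings.ToLower(a)] = struct{}{}
	}
	return func(r *http.Request) bool {
		u, err := url.Parse(r.Header.Get("Origin"))
		if err != nil || u.Scheme == "" || u.Host == "" {
			return false
		}
		_, ok := set[strings.ToLower(u.Scheme+"://"+u.Host)]
		return ok
	}
}

// execHandshake builds a constructed upgrade request; host, path and cookie are placeholders.
func execHandshake(origin string) *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://dozzle.example/exec", nil)
	r.Header.Set("Connection", "Upgrade")
	r.Header.Set("Upgrade", "websocket")
	r.Header.Set("Cookie", "jwt=<victim-token>") // constructed; the browser attaches it same-site
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	check := newOriginChecker([]string{"http://dozzle.example"})
	for _, o := range []string{"http://dozzle.example", "http://evil.dozzle.example", "http://localhost:3000", ""} {
		fmt.Printf("origin %q: vulnerable=%v fixed=%v\n", o, vulnerableCheckOrigin(execHandshake(o)), check(execHandshake(o)))
	}
}
```

Only the first origin passes the hardened check; the sibling subdomain and localhost cases are exactly the same-site origins the advisory describes, and they still carry the cookie, which is why the Origin check rather than the cookie policy is what stops them.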
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain interactive shell access to Docker containers that the victim is authorized to access. This means the attacker can execute commands inside those containers, potentially leading to unauthorized data access, data modification, or disruption of services running inside the containers.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Dozzle to version 10.5.2 or later, where the issue with the WebSocket upgrader accepting requests from any origin is fixed.