Platform
docker
Component
docker
Fixed in
1.1.1
CVE-2026-39848 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Dockyard, a Docker container management application. This vulnerability allows a remote attacker to initiate unauthorized actions, specifically starting or stopping Docker containers, by exploiting the lack of CSRF protection in container management operations. The vulnerability impacts versions of Dockyard prior to 1.1.0, and a fix is available in version 1.1.0.
An attacker could leverage this CSRF vulnerability to gain control over Docker containers managed by Dockyard. By crafting malicious links or embedding them in websites, an attacker can trick an authenticated administrator into unknowingly executing container start or stop commands. This could lead to data breaches, denial of service, or even the execution of arbitrary code within the container, depending on the container's configuration and privileges. The blast radius extends to any sensitive data or services running within the affected containers. This vulnerability highlights the importance of proper CSRF protection, especially in applications that manage critical infrastructure like Docker containers.
This vulnerability was publicly disclosed on 2026-04-09. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on CISA KEV. The CVSS score of 6.5 (MEDIUM) indicates a moderate probability of exploitation, particularly given the ease of CSRF exploitation techniques.
Organizations utilizing Dockyard for Docker container management, particularly those with administrator accounts accessible via web interfaces, are at risk. Shared hosting environments where multiple users share a Dockyard instance are especially vulnerable, as an attacker could potentially compromise the accounts of other users.
• docker / container:
ps aux | grep dockyard
• generic web (the URL is quoted so the shell does not treat `&` as a background operator or `<…>` as redirection; note that this request issues the real start action against the instance, so point it at a disposable test container):
curl -I 'http://<dockyard_url>/apps/action.php?action=start&name=<container>' | grep -i '200 ok'
• generic web (same caveat: this issues the real stop action):
curl -I 'http://<dockyard_url>/apps/action.php?action=stop&name=<container>' | grep -i '200 ok'
disclosure
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-39848 is to upgrade Dockyard to version 1.1.0 or later, which includes the necessary CSRF protection. If upgrading immediately is not feasible, consider implementing a temporary workaround by restricting access to the container management endpoints (/apps/action.php) to trusted networks or users. Web Application Firewalls (WAFs) can be configured to filter requests based on the Origin or Referer headers to block cross-site requests. While not a complete solution, this reduces the attack surface. After upgrading, confirm the fix by attempting to trigger a container action through a crafted URL and verifying that the action is blocked.
Update Dockyard to version 1.1.0 or later to mitigate the vulnerability. This version implements CSRF protection for container start and stop operations, preventing attackers from executing these actions without authorization.
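The two defensive layers named above, an Origin/Referer check (what a WAF rule approximates) and a per-session anti-CSRF token bound to state-changing requests, as an added example in Python. This is illustration code written for this page, not Dockyard's own code or its fix; the trusted origin, the request/session dictionaries and the sample requests are constructed assumptions so it runs offline.

```python
"""Server-side CSRF defences for a container start/stop endpoint (added example).

Not Dockyard code. Requests are modelled as plain dicts:
  {"method": str, "headers": {...}, "form": {...}}
and the server-side session as {"user": str, "csrf_token": str}.
"""
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the origin the Dockyard UI is served from (placeholder host).
ALLOWED_ORIGINS = {"https://dockyard.example.internal"}
STATE_CHANGING_METHODS = {"POST", "PUT", "DELETE", "PATCH"}
CONTAINER_ACTIONS = {"start", "stop"}


def new_csrf_token() -> str:
    """Unpredictable per-session token; store it server-side and embed it in forms."""
    return secrets.token_urlsafe(32)


def origin_allowed(headers: dict) -> bool:
    """Layer 1: Origin/Referer validation.

    Browsers send Origin on cross-site POSTs; fall back to Referer when Origin is
    absent. A request carrying neither is rejected, because a forged request can
    always be stripped of both by a referrer policy.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def csrf_token_valid(request_token, session_token) -> bool:
    """Layer 2: synchronizer token, compared in constant time."""
    if not request_token or not session_token:
        return False
    return hmac.compare_digest(request_token, session_token)


def authorize_container_action(request: dict, session: dict) -> tuple:
    """Decide whether a container action may proceed. Returns (allowed, reason)."""
    # A state change reachable by GET is exactly what a crafted link exploits.
    if request["method"] not in STATE_CHANGING_METHODS:
        return False, "state change over GET refused"
    form = request.get("form", {})
    if form.get("action") not in CONTAINER_ACTIONS:
        return False, "unknown action"
    if not origin_allowed(request.get("headers", {})):
        return False, "origin/referer not trusted"
    if not csrf_token_valid(form.get("csrf_token"), session.get("csrf_token")):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample data for demonstration.
SESSION = {"user": "admin", "csrf_token": new_csrf_token()}

LEGITIMATE_POST = {
    "method": "POST",
    "headers": {"Origin": "https://dockyard.example.internal"},
    "form": {"action": "stop", "name": "web-1", "csrf_token": SESSION["csrf_token"]},
}
# The advisory's attack shape: an image/link that makes the browser issue a GET.
CRAFTED_GET = {
    "method": "GET",
    "headers": {"Referer": "https://attacker.example"},
    "form": {"action": "start", "name": "web-1"},
}
# Auto-submitted cross-site form: right method, wrong origin, no token.
CROSS_SITE_POST = {
    "method": "POST",
    "headers": {"Origin": "https://attacker.example"},
    "form": {"action": "start", "name": "web-1"},
}
# Same-site request whose token was guessed or omitted: header layer passes, token layer fails.
SAME_SITE_NO_TOKEN = {
    "method": "POST",
    "headers": {"Referer": "https://dockyard.example.internal/apps/"},
    "form": {"action": "stop", "name": "web-1", "csrf_token": "not-the-session-token"},
}


def run_demo() -> dict:
    """Evaluate every sample request against the session; returns {name: reason}."""
    samples = {
        "legitimate_post": LEGITIMATE_POST,
        "crafted_get": CRAFTED_GET,
        "cross_site_post": CROSS_SITE_POST,
        "same_site_no_token": SAME_SITE_NO_TOKEN,
    }
    return {name: authorize_container_action(req, SESSION)[1] for name, req in samples.items()}


if __name__ == "__main__":
    for name, reason in run_demo().items():
        print(f"{name:20s} -> {reason}")
```

The header check is ordered first only because it is cheap; the token is the control that actually carries the defence, since a legitimate user's browser may omit Referer (and Origin on same-origin GETs), whereas the token is always present on forms the application itself rendered.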
CVE-2026-39848 is a Cross-Site Request Forgery (CSRF) vulnerability in Dockyard versions before 1.1.0, allowing attackers to start or stop Docker containers without authorization.
You are affected if you are using Dockyard versions prior to 1.1.0. Upgrade to 1.1.0 to resolve the vulnerability.
Upgrade Dockyard to version 1.1.0 or later. As a temporary workaround, restrict access to container management endpoints.
There is no confirmed active exploitation of CVE-2026-39848 at this time, but the vulnerability's nature makes it a potential target.
Refer to the Dockyard project's official release notes and security advisories for details on this vulnerability and the fix.