Platform: docker
Component: docker
Fixed in: 1.1.1
CVE-2026-39848 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Dockyard, a Docker container management application. This vulnerability allows a remote attacker to initiate unauthorized actions, specifically starting or stopping Docker containers, by exploiting the lack of CSRF protection in container management operations. The vulnerability impacts versions of Dockyard prior to 1.1.0, and a fix is available in version 1.1.0.
An attacker could leverage this CSRF vulnerability to gain control over Docker containers managed by Dockyard. By crafting malicious links or embedding them in websites, an attacker can trick an authenticated administrator into unknowingly executing container start or stop commands. This could lead to data breaches, denial of service, or even the execution of arbitrary code within the container, depending on the container's configuration and privileges. The blast radius extends to any sensitive data or services running within the affected containers. This vulnerability highlights the importance of proper CSRF protection, especially in applications that manage critical infrastructure like Docker containers.
This vulnerability was publicly disclosed on 2026-04-09. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on CISA KEV. The CVSS score of 6.5 (MEDIUM) reflects moderate severity; because CSRF attacks require little more than luring an authenticated administrator to a crafted page, the practical likelihood of exploitation should not be discounted.
Exploit Status
EPSS: 0.04% (13th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-39848 is to upgrade Dockyard to version 1.1.0 or later, which includes the necessary CSRF protection. If upgrading immediately is not feasible, a temporary workaround is to restrict access to the container management endpoint (/apps/action.php) to trusted networks or users. A Web Application Firewall (WAF) can additionally be configured to reject requests to that endpoint whose Origin or Referer header does not match the Dockyard deployment's own origin. While not a complete solution, this reduces the attack surface. After upgrading, confirm the fix by attempting to trigger a container action through a crafted URL and verifying that the action is blocked.
Update Dockyard to version 1.1.0 or higher to mitigate the vulnerability. This version implements CSRF protections for container start and stop operations, preventing unauthorized execution of these actions by attackers.
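To make the protections described above concrete, here is an added example (not Dockyard's own code) of a request guard for the container action endpoint: it rejects non-POST requests, cross-site requests flagged by Fetch Metadata, foreign Origin headers, and requests lacking a valid per-session CSRF token. The endpoint path is taken from this advisory; the deployment origin, the form parameter names and the Request type are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical guard for Dockyard's container action endpoint. The path comes from the
# advisory; the origin, the form parameter names and the Request shape are assumed.
ACTION_PATH = "/apps/action.php"
TRUSTED_ORIGIN = "https://dockyard.example.internal"  # assumed deployment origin

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def issue_csrf_token(session: dict) -> str:
    """Bind one unguessable token to the admin's session; the UI embeds it in its forms."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def check_container_action(req: Request, session: dict) -> tuple:
    """Return (allowed, reason). Only the container action endpoint is inspected."""
    if req.path != ACTION_PATH:
        return True, "not a container action"
    # A link or <img> on a third-party page yields a GET: never let GET change state.
    if req.method != "POST":
        return False, "container actions must be POST"
    # Browsers label cross-site requests themselves via Fetch Metadata.
    sfs = req.headers.get("Sec-Fetch-Site")
    if sfs not in (None, "same-origin", "none"):
        return False, f"cross-site request (Sec-Fetch-Site={sfs})"
    # When Origin is present it must be our own; an auto-submitting foreign form fails here.
    origin = req.headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, f"origin mismatch ({origin})"
    # The per-session token is the real guarantee; the headers above can be absent.
    expected = session.get("csrf", "")
    supplied = req.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

def demo():  # constructed sample: a genuine admin click versus a forged cross-site GET
    session = {}
    token = issue_csrf_token(session)
    genuine = Request("POST", ACTION_PATH, {"Origin": TRUSTED_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                      {"op": "stop", "name": "web", "csrf_token": token})  # parameter names assumed
    forged = Request("GET", ACTION_PATH, {"Sec-Fetch-Site": "cross-site"}, {"op": "stop", "name": "web"})
    return check_container_action(genuine, session), check_container_action(forged, session)
```

The same checks, run against request logs rather than live traffic, also give a simple detection rule: any request to the action endpoint that fails a check is worth alerting on.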
CVE-2026-39848 is a Cross-Site Request Forgery (CSRF) vulnerability in Dockyard versions before 1.1.0, allowing attackers to start or stop Docker containers without authorization.
You are affected if you are using Dockyard versions prior to 1.1.0. Upgrade to 1.1.0 to resolve the vulnerability.
Upgrade Dockyard to version 1.1.0 or later. As a temporary workaround, restrict access to container management endpoints.
There is no confirmed active exploitation of CVE-2026-39848 at this time, but the vulnerability's nature makes it a potential target.
Refer to the Dockyard project's official release notes and security advisories for details on this vulnerability and the fix.