HIGH
amir20
CVE published 2026-05-26
CVE-2026-44985
A critical Cross-Site WebSocket Hijacking (CSWSH) vulnerability in Dozzle, a real-time Docker log viewer, enables attackers to gain interactive shell access to containers by exploiting a permissive WebSocket origin check combined with lax cookie security. The vulnerability affects versions prior to 10.5.2 and was disclosed on 2026-05-26.