Security Advisory

CVE-2026-39848

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 21:44:44

Last updated 2026-04-10 13:54:23

Assigner GitHub_M

State PUBLISHED

Description

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrators browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0.

← Browse all CVEs View on cve.org ↗