CVE-2026-39848

Publication date

2026-04-09 21:44:44

Family

GitHub_M

State

PUBLISHED

Description

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrators browser to request /apps/action.php?action=stop&name= or /apps/action.php?action=start&name=, which starts or stops the target container. This vulnerability is fixed in 1.1.0.