CVE-2026-39848

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:10ij:dockyard:*:*:*:*:*:*:*:*

History

08 Jul 2026, 14:42

Type Values Removed Values Added
References () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g - () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g - Broken Link
CPE cpe:2.3:a:10ij:dockyard:*:*:*:*:*:*:*:*
CWE CWE-352
First Time 10ij dockyard
10ij

10 Apr 2026, 14:16

Type Values Removed Values Added
References () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g - () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g -

09 Apr 2026, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-09 22:16

Updated : 2026-07-08 14:42


NVD link : CVE-2026-39848

Mitre link : CVE-2026-39848

CVE.ORG link : CVE-2026-39848


JSON object : View

Products Affected

10ij

  • dockyard
CWE
CWE-306

Missing Authentication for Critical Function

CWE-352

Cross-Site Request Forgery (CSRF)