Insufficient Input Validation in Beszel Server Monitoring Platform
CVE-2026-27734

6.5 MEDIUM

Key Information:

Vendor: Henrygd

Status
Vendor
CVE Published: 27 February 2026

What is CVE-2026-27734?

The Beszel Server Monitoring Platform prior to version 0.18.2 is vulnerable because authenticated API endpoints do not sufficiently validate user-supplied input. Specifically, the endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the 'container' parameter to the Docker agent without adequate validation. Any authenticated user, including one with read-only permissions, can therefore manipulate the URL path and perform directory traversal. Because the raw parameter value is used, an attacker can access sensitive Docker API resources on the host machine, potentially disclosing critical infrastructure details. The issue has been addressed in version 0.18.4, which implements proper input validation.
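
The flaw class described above, shown as an added Go example that is not Beszel's code or its actual patch: a raw parameter formatted into a request path next to an allow-list check. The function names, the /containers/<id>/json path layout, and the rule that callers pass 12 to 64 character hex container IDs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"regexp"
)

// Assumption: containers are identified by Docker ID (12 to 64 hex characters).
var containerIDPattern = regexp.MustCompile(`^[a-f0-9]{12,64}$`)

// ErrInvalidContainer is returned for any value that is not a plain ID.
var ErrInvalidContainer = errors.New("invalid container identifier")

// unvalidatedPath mirrors the flawed pattern: the raw parameter is formatted
// straight into the path. path.Clean shows what that path resolves to once
// dot segments are collapsed.
func unvalidatedPath(container string) string {
	return path.Clean(fmt.Sprintf("/containers/%s/json", container))
}

// safeInfoPath rejects anything that is not a plain container ID, then
// escapes the value as a single path segment as a second layer of defence.
func safeInfoPath(container string) (string, error) {
	if !containerIDPattern.MatchString(container) {
		return "", ErrInvalidContainer
	}
	return "/containers/" + url.PathEscape(container) + "/json", nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	inputs := []string{"0123456789ab", "../other", "0123456789ab/../x", "0123456789ab?all=1"}
	for _, in := range inputs {
		p, err := safeInfoPath(in)
		fmt.Printf("input=%q unvalidated=%q safe=%q err=%v\n",
			in, unvalidatedPath(in), p, err)
	}
}
```

Validating at the API boundary and escaping again where the path is built means a value that slips past one layer still cannot change which resource the request targets.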

Affected Version(s)

beszel < 0.18.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
