Authentication Vulnerability in Dozzle Log Viewer for Docker Containers
CVE-2026-45298

8.6HIGH

Key Information:

Vendor: Amir20
Status: Dozzle
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-45298?

The Dozzle log viewer for Docker containers presents a vulnerability where an attacker can access the API endpoint /api/notifications/test-webhook without proper authentication. This issue allows an attacker to send a crafted URL and receive a response that includes sensitive data such as the response status code and up to 1MB of response body from the target service, significantly compromising the integrity and confidentiality of the affected systems. The vulnerability has been addressed in version 10.5.2.

Affected Version(s)

dozzle < 10.5.2

References

https://github.com/amir20/dozzle/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/amir20/dozzle/releases/tag/v10.5.2

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 11, 2026

CVE-2026-45298 Data

JSON

Amir20

What is CVE-2026-45298?

Affected Version(s)

References

CVSS V3.1

Timeline