Critical severity9.8OSV Advisory· Published Jun 22, 2018· Updated Jun 17, 2026
CVE-2018-12678
CVE-2018-12678
Description
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/portainer/portainer/pull/1979nvdIssue TrackingPatchThird Party Advisory
- github.com/portainer/portainer/releases/tag/1.18.0nvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.