VYPR
Unrated severityOSV Advisory· Published Jan 19, 2026· Updated Jan 20, 2026

Tugtainer vulnerable to Password Exposure via URL Query Parameter

CVE-2026-23846

Description

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Quenary/TugtainerOSV2 versions
    v1.0.0, v1.0.1, v1.0.2, …+ 1 more
    • (no CPE)range: v1.0.0, v1.0.1, v1.0.2, …
    • (no CPE)range: <1.16.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.