Beszel Vulnerable to Docker API Path Traversal via Unsanitized Container ID
Description
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of url.PathEscape(). Since Go's http.Client does not sanitize ../ sequences from URL paths sent over unix sockets, an authenticated user (including readonly role) can traverse to arbitrary Docker API endpoints on agent hosts, exposing sensitive infrastructure details. Version 0.18.4 fixes the issue.
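The three URL-building functions below illustrate the defect the advisory describes and the two layers of the fix; this is added example code, not Beszel's own, and the `http://docker/containers/...` base URL, the validation regex and the input value are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Docker container IDs are hex strings and names match [a-zA-Z0-9][a-zA-Z0-9_.-]+,
// so a value containing "/" or starting with "." can never be a real identifier.
var containerRef = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)

// vulnerableLogsURL follows the pre-0.18.4 pattern from the advisory: the raw
// query-parameter value is interpolated straight into the Docker API path.
func vulnerableLogsURL(container string) string {
	return fmt.Sprintf("http://docker/containers/%s/logs?stdout=true&stderr=true", container)
}

// escapedLogsURL applies url.PathEscape, which encodes "/" as "%2F" so the
// whole value travels as a single path segment instead of several.
func escapedLogsURL(container string) string {
	return fmt.Sprintf("http://docker/containers/%s/logs?stdout=true&stderr=true", url.PathEscape(container))
}

// hardenedLogsURL adds defence in depth: reject anything that is not a
// plausible container ID or name before it reaches the URL, then escape.
func hardenedLogsURL(container string) (string, error) {
	if !containerRef.MatchString(container) {
		return "", fmt.Errorf("invalid container identifier %q", container)
	}
	return escapedLogsURL(container), nil
}

// pathSegments returns the path segments as Go's http.Client puts them on the
// wire (EscapedPath keeps %2F encoded rather than decoding it back to "/").
func pathSegments(rawURL string) []string {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil
	}
	return strings.Split(strings.TrimPrefix(u.EscapedPath(), "/"), "/")
}

func main() {
	traversing := "../../x" // constructed input; "x" stands for any path outside /containers
	fmt.Println(pathSegments(vulnerableLogsURL(traversing))) // [containers .. .. x logs]
	fmt.Println(pathSegments(escapedLogsURL(traversing)))    // [containers ..%2F..%2Fx logs]
	_, err := hardenedLogsURL(traversing)
	fmt.Println(err) // invalid container identifier "../../x"
}
```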
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/henrygd/beszel | Go | < 0.18.4 | 0.18.4 |
Affected products
- pkg:golang/github.com/henrygd/beszel (no CPE), range: < 0.18.4
- pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 0.0.20260317T205859-150000.1.152.1
References
- github.com/advisories/GHSA-phwh-4f42-gwf3 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-27734 (advisory)
- github.com/henrygd/beszel/commit/311095cfddda113863ca9656cf9e99411be1cef5 (fix commit)
- github.com/henrygd/beszel/releases/tag/v0.18.4 (release)
- github.com/henrygd/beszel/security/advisories/GHSA-phwh-4f42-gwf3 (vendor advisory)