Medium severity6.5NVD Advisory· Published Apr 9, 2026· Updated Apr 13, 2026
CVE-2026-39848
CVE-2026-39848
Description
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or /apps/action.php?action=start&name=, which starts or stops the target container. This vulnerability is fixed in 1.1.0.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.