Description
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue.
Published: 2026-01-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized root shell in containers via label filter bypass
Action: Patch Immediately
AI Analysis

Impact

Dozzle lets an operator scope what a user may see with label filters (for example, `label=env=dev`). Before 9.0.3 that scoping limits which containers the user is shown, but the agent-backed shell endpoint accepts any container ID on the host without re-checking it against the caller's filter. A user who already has Dozzle access with a filtered view can therefore send a shell request naming the ID of an out-of-scope container (for example, one labelled `env=prod`) on the same agent host and obtain an interactive root shell inside it. The shell runs inside the targeted container, not on the agent host itself; reaching the host would take a further step such as a privileged container or a mounted Docker socket. This is an access control failure with a missing authorization check, catalogued as CWE-284 and CWE-863.
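The pattern behind the flaw, written out as an added example in Go (Dozzle's implementation language). This is illustrative code, not Dozzle's own: the `Agent`, `Container`, `LabelFilter`, `ShellVulnerable` and `ShellFixed` names, the sample container IDs and the single-label filter syntax are all assumptions made for the example. The listing path applies the user's filter, the vulnerable shell handler trusts the requested ID after only an existence check, and the fixed handler re-applies the filter to the resolved container before anything is executed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Container is a minimal stand-in for the container record an agent reports.
// It is a constructed type for this example, not Dozzle's own.
type Container struct {
	ID     string
	Name   string
	Labels map[string]string
}

// LabelFilter is one parsed "label=key=value" restriction attached to a user session.
type LabelFilter struct {
	Key   string
	Value string
}

// ParseLabelFilter turns "label=env=dev" into LabelFilter{Key: "env", Value: "dev"}.
func ParseLabelFilter(s string) (LabelFilter, error) {
	if !strings.HasPrefix(s, "label=") {
		return LabelFilter{}, fmt.Errorf("unsupported filter %q", s)
	}
	key, value, ok := strings.Cut(strings.TrimPrefix(s, "label="), "=")
	if !ok || key == "" {
		return LabelFilter{}, fmt.Errorf("malformed label filter %q", s)
	}
	return LabelFilter{Key: key, Value: value}, nil
}

// Allows reports whether a container is inside the filter's scope.
func (f LabelFilter) Allows(c Container) bool {
	return c.Labels[f.Key] == f.Value
}

// Agent models one agent host holding every container on that host.
type Agent struct {
	containers []Container
}

// Find resolves a container ID regardless of the caller's scope, as a plain
// Docker lookup would.
func (a *Agent) Find(id string) (Container, bool) {
	for _, c := range a.containers {
		if c.ID == id {
			return c, true
		}
	}
	return Container{}, false
}

// ListContainers is the UI listing path: the filter is applied here, so a
// dev-scoped user never sees the prod container in the list.
func ListContainers(a *Agent, f LabelFilter) []Container {
	var out []Container
	for _, c := range a.containers {
		if f.Allows(c) {
			out = append(out, c)
		}
	}
	return out
}

// ErrNotFound is returned for unknown and out-of-scope IDs alike, so the fixed
// handler does not reveal whether a hidden container exists.
var ErrNotFound = errors.New("container not found")

// ShellVulnerable shows the flawed pattern: the ID from the request is only
// checked for existence, never against the caller's filter, so any container
// on the host can be targeted by ID.
func ShellVulnerable(a *Agent, _ LabelFilter, id string) (string, error) {
	c, ok := a.Find(id)
	if !ok {
		return "", ErrNotFound
	}
	return "exec root shell in " + c.Name, nil // stand-in for spawning the shell
}

// ShellFixed re-applies the caller's filter to the resolved container before
// anything is executed; this is the authorization check the flaw lacked.
func ShellFixed(a *Agent, f LabelFilter, id string) (string, error) {
	c, ok := a.Find(id)
	if !ok || !f.Allows(c) {
		return "", ErrNotFound
	}
	return "exec root shell in " + c.Name, nil
}

// SampleAgent builds a constructed host with one dev and one prod container;
// the IDs and names are invented for this example.
func SampleAgent() *Agent {
	return &Agent{containers: []Container{
		{ID: "3f2a9c1d0b7e", Name: "web-dev", Labels: map[string]string{"env": "dev"}},
		{ID: "a1b2c3d4e5f6", Name: "db-prod", Labels: map[string]string{"env": "prod"}},
	}}
}

func main() {
	agent := SampleAgent()
	filter, err := ParseLabelFilter("label=env=dev")
	if err != nil {
		panic(err)
	}
	fmt.Printf("visible to dev user: %d container(s)\n", len(ListContainers(agent, filter)))
	_, err = ShellVulnerable(agent, filter, "a1b2c3d4e5f6")
	fmt.Println("vulnerable handler, prod ID:", err)
	_, err = ShellFixed(agent, filter, "a1b2c3d4e5f6")
	fmt.Println("fixed handler, prod ID:", err)
}
```

The check belongs on the endpoint that performs the privileged action, not only on the listing that feeds the UI: a client can always construct a request with an ID it was never shown. Returning the same error for unknown and out-of-scope IDs also keeps the shell endpoint from doubling as an existence oracle for hidden containers.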

Affected Systems

The vulnerability affects Dozzle, the Docker log viewer maintained by amir20 (NVD lists the product as amirraminfar:dozzle). Every release before 9.0.3 carries the flaw in the agent-backed shell path; it is exploitable in deployments that reach container hosts through the Dozzle agent, expose the shell feature, and rely on label filters to scope what individual users may reach. The number of hosts or containers does not change the exposure: any container on the same agent host as a filtered user's permitted containers can be targeted by ID. The fix shipped in release 9.0.3.

Risk and Exploitability

The 8.7 score is the CVSS v4.0 rating from the GitHub advisory; NVD's CVSS v3.1 assessment is 9.9 (scope changed), and the vulnrichment SSVC record marks exploitation as `poc` and the issue as automatable. An EPSS below 1% indicates a low predicted probability of in-the-wild exploitation over the next 30 days, and the CVE is not in the CISA KEV catalog. The preconditions are nonetheless modest: the attacker needs a Dozzle account that is already allowed shell access to some containers under a label filter, plus the container ID of a target, and the bypass is a single shell request naming that ID. Success yields a root shell inside any container on the same agent host, exposing that container's secrets, mounts and network position. It is a container-level rather than host-level compromise unless the targeted container is itself privileged or has the Docker socket mounted.

Generated by OpenCVE AI on April 18, 2026 at 01:56 UTC.

Remediation

Vendor fix: Dozzle 9.0.3 (tracked in GitHub advisory GHSA-m855-r557-5rc5). No separate workaround is listed on this page beyond the mitigations below.

OpenCVE Recommended Actions

  • Upgrade to Dozzle 9.0.3 or later; the fix stops the shell endpoint from serving container IDs outside the caller's label filter.
  • Limit who can reach Dozzle and its agents. Keep agent ports off untrusted networks, and put the UI behind a reverse proxy, firewall rules or network segmentation so that only intended users can send shell requests.
  • Disable the shell feature where it is not needed for your monitoring workflow. Dozzle provides a setting to turn the shell off (an enable-shell flag with a matching `DOZZLE_` environment variable; confirm the exact name in the documentation for your version). Without the shell feature the affected endpoint has nothing to execute.

Advisories

Source: GitHub GHSA
ID: GHSA-m855-r557-5rc5
Title: Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
History

Thu, 19 Feb 2026 21:45:00 +0000 (no values removed)

  First Time appeared: Amirraminfar; Amirraminfar dozzle
  CPEs: cpe:2.3:a:amirraminfar:dozzle:*:*:*:*:*:docker:*:*
  Vendors & Products: Amirraminfar; Amirraminfar dozzle
  Metrics: cvssV3_1 {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L'}

Wed, 28 Jan 2026 22:15:00 +0000 (no values removed)

  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 12:30:00 +0000 (no values removed)

  First Time appeared: Amir20; Amir20 dozzle
  Vendors & Products: Amir20; Amir20 dozzle

Tue, 27 Jan 2026 21:15:00 +0000 (no values removed)

  Description: Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue.
  Title: Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
  Weaknesses: CWE-284; CWE-863
  References:
  Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-28T21:16:44.096Z

Reserved: 2026-01-26T19:06:16.059Z

Link: CVE-2026-24740

Vulnrichment

Updated: 2026-01-28T21:16:39.221Z

NVD

Status : Analyzed

Published: 2026-01-27T21:16:03.277

Modified: 2026-02-19T21:30:24.780

Link: CVE-2026-24740

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T02:00:10Z

Weaknesses