Vendor
high
advisory
Dozzle Pre-Auth SSRF Vulnerability via /api/notifications/test-webhook (CVE-2026-45298)
2 rules 1 TTP 1 IOCDozzle is vulnerable to a pre-authentication Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-45298) in the default no-auth deployment that can expose internal resources.
dozzle
ssrf
cve-2026-45298
2r
1t
1i
high
advisory
Dozzle Cross-Site WebSocket Hijacking (CSWSH) Vulnerability
2 rules 2 TTPsDozzle is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) due to a permissive CheckOrigin configuration and the use of SameSite=Lax for JWT cookies, allowing attackers on the same site to gain shell access to containers even with authentication enabled, tracked as CVE-2026-44985.
dozzle
cswsh
websocket
authentication-bypass
2r
2t