Vendor
Dozzle is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) due to a permissive CheckOrigin configuration and the use of SameSite=Lax for JWT cookies, allowing attackers on the same site to gain shell access to containers even with authentication enabled, tracked as CVE-2026-44985.