CVE-2026-58455

CRITICAL
9.8
CVSS 3.1
Description
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands. It results from a missing exit() after an authentication redirect in loader.php, combined with unsanitized input passed to shell_exec() in ajax/compose.php. Because the incomplete auth check lets execution continue after the redirect, attackers can seed the required session flag and then inject arbitrary commands via the composePath POST parameter of the composePull action, achieving full host compromise; the standard deployment's mounting of the Docker socket facilitates this.
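As an added illustration (not Dockwatch's own code), the two defect patterns the description names, each beside a hardened form: an authentication redirect that does not terminate the script (CWE-698), and a request parameter interpolated into a shell_exec() command (CWE-78). Function names, the login path and the compose-root layout are assumptions.

```php
<?php
// Added example, not Dockwatch's code. Function names and paths are hypothetical.

// Vulnerable pattern (CWE-698): the redirect header is sent, but the script
// keeps running, so later code (including session writes) still executes.
function requireAuthVulnerable(array $session): void {
    if (empty($session['logged_in'])) {
        header('Location: /login.php');
        // missing exit(): execution continues past this point
    }
}

// Hardened: terminate immediately after issuing the redirect.
function requireAuthFixed(array $session): void {
    if (empty($session['logged_in'])) {
        header('Location: /login.php');
        exit();
    }
}

// Vulnerable pattern (CWE-78): request-controlled path dropped into a shell string.
function composePullVulnerable(string $composePath): ?string {
    return shell_exec("docker compose -f $composePath pull");
}

// Hardened: resolve the path, require it to live under an allow-listed root
// and to be a compose file, then quote it before handing it to the shell.
function composePullFixed(string $composePath, string $composeRoot): ?string {
    $real = realpath($composePath);
    $root = realpath($composeRoot);
    $allowedNames = ['docker-compose.yml', 'docker-compose.yaml', 'compose.yml', 'compose.yaml'];
    if ($real === false || $root === false
        || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0
        || !in_array(basename($real), $allowedNames, true)) {
        http_response_code(400);
        return null; // reject anything outside the compose root
    }
    return shell_exec('docker compose -f ' . escapeshellarg($real) . ' pull');
}
```

Detection for the deployed service: alert on child processes of the PHP worker other than the expected docker CLI, and on compose paths in requests that are not under the configured root.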

Metadata

CVE ID
CVE-2026-58455
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-30 20:20 UTC
Published
2026-07-02 15:12 UTC
Last updated
2026-07-02 15:12 UTC
Primary CWE
CWE-698
Execution After Redirect (EAR)
Vendor / Product
Notifiarr / dockwatch
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
Vendor | Product | Platform | Versions
Notifiarr dockwatch 0 ≤ 0.6.567
Weakness (CWE)
CWE | Source | Description
CWE-698 cna Execution After Redirect (EAR)
CWE-78 cna Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS scores (2)
Score | Severity | Version | Source | Vector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N