Auth bypass in Amir20 Dozzle

CVE-2026-24740

Dozzle is a real-time log viewer for Docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in…

EPSS: 0.000 (7.6th percentile)
