{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39848", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-07T19:13:20.378Z", "datePublished": "2026-04-09T21:44:44.687Z", "dateUpdated": "2026-04-10T13:54:23.314Z"}, "containers": {"cna": {"title": "Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g"}], "affected": [{"vendor": "10ij", "product": "dockyard", "versions": [{"version": "< 1.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T21:44:44.687Z"}, "descriptions": [{"lang": "en", "value": "Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0."}], "source": {"advisory": "GHSA-jrf6-3j4j-q36g", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T13:54:19.256778Z", "id": "CVE-2026-39848", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:54:23.314Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39848", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T13:54:19.256778Z"}}}], "references": [{"url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:54:11.988Z"}}], "cna": {"title": "Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation", "source": {"advisory": "GHSA-jrf6-3j4j-q36g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "10ij", "product": "dockyard", "versions": [{"status": "affected", "version": "< 1.1.0"}]}], "references": [{"url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "name": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T21:44:44.687Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39848", "state": "PUBLISHED", "dateUpdated": "2026-04-10T13:54:23.314Z", "dateReserved": "2026-04-07T19:13:20.378Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-09T21:44:44.687Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0."}], "id": "CVE-2026-39848", "lastModified": "2026-04-13T15:02:27.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T22:16:34.407", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "dockyard", "source": "cna", "vendor": "10ij"}, "product": "dockyard", "vendor": "10ij"}], "analysis": {"en": {"generated_at": "2026-04-09T23:23:23.213740+00:00", "value": {"mitigation_remediation": ["Update Dockyard to version 1.1.0 or later to apply the CSRF protection fix.", "If an immediate upgrade is not possible, restrict access to management interfaces and enforce strict access controls so only trusted administrators can reach /apps/action.php.", "Configure the web application firewall to block unauthorized GET requests to the action endpoint.", "Verify that no background cron jobs or automation scripts trigger start/stop operations without proper authentication checks.", "Educate administrators to avoid clicking unknown or suspicious links that could trigger remote requests from the browser."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Container Control"}, "threat_synthesis": {"affected_systems": "The vulnerable component is Dockyard by 10ij. All releases prior to version 1.1.0 are affected; Dockyard 1.1.0 and later include the fix that protects the start/stop operations.", "description_and_impact": "Dockyard\u2019s admin interface exposes a GET endpoint that starts or stops containers without CSRF protection. An attacker can cause a logged\u2011in administrator\u2019s browser to issue a request to /apps/action.php and trigger arbitrary container lifecycle changes. This allows the attacker to disrupt services by stopping critical containers or launch temporary containers that may run malicious code, thereby compromising availability and potentially confidentiality or integrity if the containers host privileged services.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. The exploit probability is not quantified (EPSS not available), and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to be an authenticated user (the admin) whose browser can be prompted to send the malicious request, meaning an attacker needs either direct access to the admin user\u2019s session or a social\u2011engineering technique to force the browser to send the request."}}}}, "created": "2026-04-10T08:36:46.499942+00:00", "updated": "2026-04-10T09:27:43.180628+00:00", "vendors": ["10ij", "10ij$PRODUCT$dockyard"]}