📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global supply_chain Software Development HIGH 52m Global data_breach Enterprise Software / Information Technology CRITICAL 2h Global vulnerability Technology/Software CRITICAL 4h Global malware Social Media and Consumer Technology HIGH 4h Global botnet Information Technology and IoT HIGH 4h Global vulnerability Enterprise Security, Software Development CRITICAL 5h Global vulnerability Software Development, Artificial Intelligence HIGH 5h Global apt Defense and Military CRITICAL 5h Global vulnerability Networking, Software, Infrastructure HIGH 5h Global phishing Information Technology HIGH 6h Global supply_chain Software Development HIGH 52m Global data_breach Enterprise Software / Information Technology CRITICAL 2h Global vulnerability Technology/Software CRITICAL 4h Global malware Social Media and Consumer Technology HIGH 4h Global botnet Information Technology and IoT HIGH 4h Global vulnerability Enterprise Security, Software Development CRITICAL 5h Global vulnerability Software Development, Artificial Intelligence HIGH 5h Global apt Defense and Military CRITICAL 5h Global vulnerability Networking, Software, Infrastructure HIGH 5h Global phishing Information Technology HIGH 6h Global supply_chain Software Development HIGH 52m Global data_breach Enterprise Software / Information Technology CRITICAL 2h Global vulnerability Technology/Software CRITICAL 4h Global malware Social Media and Consumer Technology HIGH 4h Global botnet Information Technology and IoT HIGH 4h Global vulnerability Enterprise Security, Software Development CRITICAL 5h Global vulnerability Software Development, Artificial Intelligence HIGH 5h Global apt Defense and Military CRITICAL 5h Global vulnerability Networking, Software, Infrastructure HIGH 5h Global phishing Information Technology HIGH 6h
Vulnerabilities

CVE-2026-45298

High ⚡ Exploit Available
CWE-918 — Weakness Type
Published: May 26, 2026  ·  Modified: Jun 2, 2026  ·  Source: NVD
CVSS v3
8.6
🔗 NVD Official
📄 Description (English)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that sends an HTTP POST to the supplied URL with attacker-controlled request headers, and returns the response status code AND up to 1MB of the response body to the caller, when the target replies non-2xx. This vulnerability is fixed in 10.5.2.

🤖 AI Executive Summary

Dozzle versions before 10.5.2 allow unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks via the /api/notifications/test-webhook endpoint, enabling arbitrary HTTP requests to internal systems. The vulnerability affects default deployments without authentication configured and can leak up to 1MB of response data from targeted services.

📄 Description (Arabic)

تسمح ثغرة Server-Side Request Forgery في Dozzle بإرسال طلبات HTTP عشوائية إلى عناوين URL يتحكم بها المهاجم من خلال نقطة نهاية غير محمية. يمكن للمهاجمين الوصول إلى الخدمات الداخلية والحصول على بيانات حساسة من الاستجابات. تؤثر الثغرة على النشرات الافتراضية التي لم يتم تكوين مصادقة فيها.

🤖 ملخص تنفيذي (AI)

إصدارات Dozzle السابقة للإصدار 10.5.2 تسمح للمهاجمين غير المصرح لهم بتنفيذ هجمات SSRF عبر نقطة نهاية /api/notifications/test-webhook، مما يتيح طلبات HTTP عشوائية للأنظمة الداخلية. يؤثر الثغرة على النشرات الافتراضية بدون مصادقة مكونة ويمكن أن تسرب ما يصل إلى 1 ميجابايت من بيانات الاستجابة.

🤖 AI Intelligence Analysis Analyzed: May 31, 2026 18:16
🇸🇦 Saudi Arabia Impact Assessment
Saudi Relevance: high
🏢 Affected Saudi Sectors
banking telecom energy government healthcare
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.0
/ 10.0
🔧 Remediation Steps (English)
Upgrade Dozzle to version 10.5.2 or later immediately. Implement network-level access controls to restrict outbound connections from Dozzle containers. Enable DOZZLE_AUTH_PROVIDER in production deployments to require authentication. Deploy Dozzle behind a reverse proxy with authentication and rate limiting. Restrict webhook functionality to authenticated users only.
🔧 خطوات المعالجة (العربية)
قم بترقية Dozzle إلى الإصدار 10.5.2 أو أحدث فوراً. طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الاتصالات الصادرة من حاويات Dozzle. فعّل DOZZLE_AUTH_PROVIDER في نشرات الإنتاج لتطلب المصادقة. انشر Dozzle خلف وكيل عكسي مع المصادقة وتحديد المعدل. قيّد وظيفة webhook للمستخدمين المصرح لهم فقط.
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1.1 5.2.1 5.3.1
🔵 SAMA CSF
AC-2 AC-3 SI-10
🟡 ISO 27001:2022
A.6.1.2 A.13.1.1 A.14.2.1
📦 Affected Products / CPE 1 entries
amirraminfar:dozzle
📊 CVSS Score
8.6
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeC — Changed
ConfidentialityH — High
IntegrityN — None / Network
AvailabilityN — None / Network
📋 Quick Facts
Severity High
CVSS Score8.6
CWECWE-918
EPSS0.02%
Exploit ✓ Yes
Patch ✗ No
Published 2026-05-26
Source Feed nvd
🇸🇦 Saudi Risk Score
8.0
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
exploit-available CWE-918
🏢 Vendor Advisories
🔗 https://github.com/amir20/dozzle/security/advisories... 🔗 https://github.com/amir20/dozzle/security/advisories...
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.