9.2

CVE-2026-58455: Dockwatch 0.6.567 Allows Unauthorized Access to Server

CVE-2026-58455
Summary

A security flaw in Dockwatch 0.6.567 allows an attacker to execute commands on your server without permission. This could lead to unauthorized access and potentially give the attacker control over your system. Update Dockwatch to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions |
| --- | --- | --- |
| notifiarr | dockwatch | <= 0.6.567 |
Original title
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an aut...
Original description
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject arbitrary commands via the composePath POST parameter in the composePull action to achieve full host compromise, facilitated by the standard deployment mounting of the Docker socket.
mitre CVSS3.1 9.8
Vulnerability type
CWE-698
CWE-78 OS Command Injection
Published: 2 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026
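
Added example (not Dockwatch source code): the two weaknesses in the description, CWE-698 and CWE-78, shown as the hardened pattern in PHP. COMPOSE_ROOT, the session key, the login URL, the function names and the docker command line are assumptions made for illustration; only the composePull action and the composePath parameter come from the description above.

```php
<?php
declare(strict_types=1);
// Added illustration, not Dockwatch source. COMPOSE_ROOT, the session key and
// all function names are assumptions. Requires PHP 8.0+.
const COMPOSE_ROOT = '/config/compose';

// CWE-698: header('Location: ...') only queues a response header. Unless the
// script stops here, the code after the check still runs for a failed client.
function requireLogin(): void
{
    if (empty($_SESSION['authenticated'])) {
        header('Location: /login.php');
        exit; // the statement whose absence the description refers to
    }
}

// CWE-78, part 1: canonicalise the supplied path and accept it only if it is
// an existing YAML file under COMPOSE_ROOT.
function resolveComposeFile(string $composePath): ?string
{
    $real = realpath($composePath);
    $ok = $real !== false && is_file($real)
        && str_starts_with($real, COMPOSE_ROOT . '/')
        && preg_match('/\.ya?ml$/', $real) === 1;
    return $ok ? $real : null;
}

// CWE-78, part 2: pass an argument vector, so no shell ever parses the value.
function composePull(string $composePath): array
{
    $file = resolveComposeFile($composePath);
    if ($file === null) {
        return ['ok' => false, 'output' => 'invalid compose path'];
    }
    $cmd  = ['docker', 'compose', '-f', $file, 'pull'];
    $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'output' => 'could not start docker'];
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['ok' => proc_close($proc) === 0, 'output' => $output];
}

session_start();
requireLogin();
if (($_POST['action'] ?? '') === 'composePull') {
    echo json_encode(composePull((string) ($_POST['composePath'] ?? '')));
}
```

Either control alone leaves one of the two weaknesses in place, so both the terminating exit and the shell-free invocation are needed.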