CVE-2026-23846

Exploit

EPSS 0.4%
Veröffentlicht 19.01.2026 19:42:35
Zuletzt bearbeitet 05.02.2026 18:44:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tugtainer vulnerable to Password Exposure via URL Query Parameter

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quenary ≫ Tugtainer SwPlatformdocker Version < 1.16.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.319

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

https://github.com/Quenary/tugtainer/security/advisories/GHSA-f2qf-f544-xm4p

Vendor Advisory

Exploit

https://github.com/Quenary/tugtainer/commit/9d23bf40ac1d39005582abfcf0a84753a4e29d52

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23846

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23846

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23846

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23846