
CVE-2026-24740: CWE-284: Improper Access Control in amir20 dozzle

Severity: High
Tags: Vulnerability, CVE-2026-24740, cve, cve-2026-24740, cwe-284, cwe-863
Published: Tue Jan 27 2026 (01/27/2026, 20:59:05 UTC)
Source: CVE Database V5
Vendor/Project: amir20
Product: dozzle

Description

CVE-2026-24740 is a high-severity improper access control vulnerability in Dozzle, a realtime log viewer for Docker containers. Versions prior to 9.0.3 allow users restricted by label filters to bypass these restrictions and obtain an interactive root shell in containers outside their authorized scope by directly targeting container IDs. This flaw enables privilege escalation within the same host, potentially compromising container integrity and confidentiality. The vulnerability requires no user interaction and can be exploited remotely over the network with low complexity. Although no known exploits are currently in the wild, affected users should upgrade to Dozzle 9.0.3 immediately to mitigate risk. European organizations using Dozzle in containerized environments are at risk, especially those with multi-tenant or segmented container deployments.

AI-Powered Analysis

Last updated: 02/04/2026, 09:14:25 UTC

Technical Analysis

CVE-2026-24740 is an improper access control vulnerability (CWE-284) in Dozzle, a realtime log viewer for Docker containers developed by amir20. The vulnerability exists in Dozzle versions prior to 9.0.3 and relates to its agent-backed shell endpoints. Dozzle supports filtering container access based on labels (e.g., `label=env=dev`) to restrict users to specific containers. However, due to insufficient validation, a user restricted by such label filters can bypass these restrictions by directly specifying container IDs of out-of-scope containers (e.g., containers labeled `env=prod`). This allows the attacker to obtain an interactive root shell inside unauthorized containers running on the same host. The flaw effectively breaks container isolation enforced by Dozzle’s filtering mechanism, enabling privilege escalation and lateral movement within the host environment. The vulnerability is remotely exploitable over the network without requiring user interaction or elevated privileges beyond those granted by label filters. The CVSS 4.0 base score is 8.7 (high severity) reflecting the network attack vector, low attack complexity, no user interaction, and high impact on confidentiality and integrity due to root shell access. Although no public exploits are reported, the vulnerability poses a significant risk to containerized environments relying on Dozzle for log viewing and shell access. The issue was patched in Dozzle version 9.0.3 by correcting the access control checks on shell endpoints to enforce label restrictions properly.
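The class of flaw described above, where a list view is filtered by label but a by-ID path is not, can be shown in a few lines. This is an added illustration, not Dozzle's code or its patch: the `Container` type, the in-memory `store`, the function names and the sample IDs are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Container is a hypothetical stand-in, not one of Dozzle's types.
type Container struct {
	ID     string
	Labels map[string]string
}

var ErrOutOfScope = errors.New("container not available to this user")

// inScope reports whether c carries every key=value pair in the user's filter.
func inScope(filter map[string]string, c Container) bool {
	for k, want := range filter {
		if got, ok := c.Labels[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// lookupUnchecked models the flawed pattern: the ID alone selects the target.
func lookupUnchecked(store map[string]Container, id string) (Container, bool) {
	c, ok := store[id]
	return c, ok
}

// lookupScoped re-applies the filter on the by-ID path and returns the same
// error for "missing" and "out of scope" so existence is not disclosed.
func lookupScoped(store map[string]Container, filter map[string]string, id string) (Container, error) {
	c, ok := store[id]
	if !ok || !inScope(filter, c) {
		return Container{}, ErrOutOfScope
	}
	return c, nil
}

func main() {
	// Constructed sample data: IDs and labels are illustrative only.
	store := map[string]Container{"c-dev": {"c-dev", map[string]string{"env": "dev"}}, "c-prod": {"c-prod", map[string]string{"env": "prod"}}}
	filter := map[string]string{"env": "dev"}
	_, ok := lookupUnchecked(store, "c-prod")
	_, err := lookupScoped(store, filter, "c-prod")
	fmt.Println("unchecked resolves out-of-scope ID:", ok, "| scoped:", err)
}
```

Any handler that accepts a container ID (logs, shell, actions) needs the scoped lookup; filtering only the listing leaves the by-ID paths open.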

Potential Impact

For European organizations, this vulnerability can lead to unauthorized access to sensitive container workloads, potentially exposing confidential data and allowing attackers to manipulate or disrupt critical applications. Organizations using Dozzle in multi-tenant or segmented environments risk cross-container attacks, undermining container isolation and increasing the attack surface. This can result in data breaches, service disruptions, and lateral movement within internal networks. Industries with strict data protection requirements, such as finance, healthcare, and critical infrastructure, face heightened risks due to potential exposure of regulated data. The ability to gain root shell access without user interaction or elevated privileges makes this vulnerability particularly dangerous in automated or large-scale container deployments common in European enterprises. Additionally, the vulnerability could facilitate further attacks on the host system or connected infrastructure, amplifying the impact.

Mitigation Recommendations

1. Upgrade Dozzle to version 9.0.3 or later immediately to apply the official patch that enforces proper access control on shell endpoints.
2. Review and tighten container label policies to ensure minimal privileges are granted and labels accurately reflect access boundaries.
3. Implement network segmentation and firewall rules to restrict access to Dozzle’s agent endpoints only to trusted users and systems.
4. Monitor container shell access logs and audit trails for unusual or unauthorized interactive shell sessions, especially those targeting containers outside expected label scopes.
5. Employ container security tools that enforce runtime policies and detect privilege escalation attempts within containers.
6. Educate DevOps and security teams about the risks of improper access control in container management tools and encourage regular vulnerability scanning and patching.
7. Consider isolating critical containers on separate hosts or using additional container security layers to limit the impact of potential breaches.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-26T19:06:16.059Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 697928b74623b1157c47a0e4

Added to database: 1/27/2026, 9:05:59 PM

Last enriched: 2/4/2026, 9:14:25 AM

Last updated: 2/6/2026, 6:38:54 PM
