CVE-2026-23846 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwor…
High CVSS: 8.1

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue.
Vendor
Quenary
Product
Tugtainer
CWE
CWE-598
Yayın Tarihi
2026-01-19 20:15:49
Güncelleme
2026-02-05 18:44:54
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-598 Tugtainer HIGH Quenary 2026

Referanslar

https://github.com/Quenary/tugtainer/commit/9d23bf40ac1d39005582abfcf0a84753a4e29d52 https://github.com/Quenary/tugtainer/security/advisories/GHSA-f2qf-f544-xm4p