26 matches found
CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
EUVD-2026-21047
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter...
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...
GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...
CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077
Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...
Beszel 安全漏洞
Beszel is a lightweight server monitoring center developed by Hank’s individual developers. Versions of Beszel prior to 0.18.7 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of users’ access rights to system IDs through certain API endpoints,...
PT-2026-31706
Name of the Vulnerable Software and Affected Versions Beszel versions prior to 0.18.7 Description Beszel is a server monitoring platform. Some API endpoints in the Beszel hub accept a user-supplied system ID without verifying user access permissions. This allows authenticated users to access rout...
SUSE CVE-2026-27734
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...
GO-2026-4571 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel
Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel...
CVE-2026-27734
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...
EUVD-2026-9053
Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID...
GHSA-PHWH-4F42-GWF3 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID
Summary The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...
CVE-2026-27734
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...
CVE-2026-27734
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...
CVE-2026-27734 Beszel Vulnerable to Docker API Path Traversal via Unsanitized Container ID
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...