Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

PT-2026-39679

Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description The WebSocket upgrader for the '/exec' and '/attach' endpoints accepts upgrade requests from any origin because it uses a custom CheckOrigin function that always returns true. When combined with the...

EUVD-2026-23972

Nginx-UI: Cross-Site WebSocket Hijacking CSWSH via missing origin validation on all WebSocket endpoints...

Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Summary All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or...

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...

Atro CSRF Middleware Bypass (security.checkOrigin)

Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. Details When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. Source code:...