CVE-2026-23846 — HIGH (8.1)

Q: How severe is CVE-2026-23846?

CVE-2026-23846 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-23846?

Check the references section above for vendor advisories and patch information. Affected products include: Quenary Tugtainer.

Vulnerability Description

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Quenary	Tugtainer	< 1.16.1

Related Weaknesses (CWE)

CWE-598

References

https://github.com/Quenary/tugtainer/commit/9d23bf40ac1d39005582abfcf0a84753a4e2Patch
https://github.com/Quenary/tugtainer/security/advisories/GHSA-f2qf-f544-xm4pExploitVendor Advisory

FAQ

What is CVE-2026-23846?

CVE-2026-23846 is a vulnerability with a CVSS score of 8.1 (HIGH). Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of t...

How severe is CVE-2026-23846?

CVE-2026-23846 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-23846?

Check the references section above for vendor advisories and patch information. Affected products include: Quenary Tugtainer.