PT-2026-3491 · Tugtainer · Tugtainer
Thxtech · Published 2026-01-19 · Updated 2026-01-20 · CVE-2026-23846
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Tugtainer versions prior to 1.16.1
Description
Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query parameters rather than utilizing the HTTP request body. This practice results in passwords being recorded in server access logs and potentially exposed via browser history, Referer headers, and proxy logs.
Recommendations
Update Tugtainer to version 1.16.1 or later.
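For access logs written before the upgrade, the following added example (not part of the advisory or of Tugtainer's code) finds and redacts password values carried in URL query strings, in both the request line and a logged Referer. The parameter names, the request path and the sample log lines are assumptions constructed for illustration, since the advisory does not name them.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the advisory does not name the parameter, so these are guesses.
SENSITIVE_KEYS = {"password", "passwd", "pwd"}

# key=value pairs that follow '?' or '&' anywhere in a log line; this covers
# both the request line and a logged Referer header.
_PAIR = re.compile(r'([?&])([^=&\s"]+)=([^&\s"]*)')

def redact_line(line, keys=SENSITIVE_KEYS):
    """Return (redacted_line, number_of_values_redacted)."""
    hits = 0
    def _sub(m):
        nonlocal hits
        sep, key, value = m.groups()
        # Decode the key so percent-encoded spellings are caught too.
        if unquote_plus(key).lower() in keys and value:
            hits += 1
            return f"{sep}{key}=REDACTED"
        return m.group(0)
    return _PAIR.sub(_sub, line), hits

def scrub_log(lines, keys=SENSITIVE_KEYS):
    """Redact every line; return (clean_lines, [(line_no, hits), ...])."""
    clean, findings = [], []
    for no, line in enumerate(lines, 1):
        new, hits = redact_line(line, keys)
        clean.append(new)
        if hits:
            findings.append((no, hits))
    return clean, findings

# Constructed sample lines in combined log format; path and values are made up.
SAMPLE = [
    '203.0.113.7 - - [19/Jan/2026:10:00:01 +0000] "POST /api/login?password=hunter2 HTTP/1.1" 200 512 "-" "curl/8.5"',
    '203.0.113.7 - - [19/Jan/2026:10:00:02 +0000] "GET /api/containers?page=2 HTTP/1.1" 200 900 "https://host.example/login?next=%2F&pass%77ord=hunter2" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jan/2026:10:00:03 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe"',
]

if __name__ == "__main__":
    clean, findings = scrub_log(SAMPLE)
    print("\n".join(clean))
    print("lines with exposed passwords:", findings)
```

Any password such a scan finds has already been written to disk and should be treated as exposed and changed.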
Affected Products
Tugtainer