{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-58455/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-07-02T15:12:10.383Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-58455","@id":"https://www.cve.org/CVERecord?id=CVE-2026-58455","description":"Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject arbitrary commands via the composePath POST parameter in the composePull action to achieve full host"},"products":[{"@id":"cpe:2.3:a:notifiarr:dockwatch:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:notifiarr:dockwatch:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-07-02T15:12:10.383Z"}]}