Without Host validation, a malicious page the operator visits can use DNS
rebinding to point a hostname at the panel's loopback / LAN IP and drive
every authenticated API from the operator's own browser — including the
docker.sock-backed admin endpoints. The README's "intranet-only" guidance
does not cover this: the browser is the trust-boundary crossing.
Add an onRequest hook (plus a Host check on raw WebSocket upgrades) that
allows loopback + RFC1918 LAN by default and accepts public hostnames via
PANEL_ALLOWED_HOSTS (documented in .env.example and threaded through
docker-compose.yml). 35 inject()-driven assertions; tsc --noEmit clean.
Detected by Aeon + manual review (DNS-rebinding-gate axis).
Severity: high
CWE-346 (Origin Validation Error)