top of page
perceptive_background_267k.jpg

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located …

Published:

27 January 2026 at 23:00:00

Alert date:

28 January 2026 at 02:02:07

Source:

nvd.nist.gov

Click to open the original link from this advisory

Cloud & Virtualization, Database & Storage

Dokploy, a self-hostable Platform as a Service (PaaS), contains a critical vulnerability in versions prior to 0.26.6 where the installation script uses hardcoded database credentials. The vulnerability is located in the install.sh script at line 154, causing nearly all Dokploy installations to use identical database credentials. This exposes all affected installations to potential compromise since attackers can easily access databases using the known hardcoded password. The issue has been patched in version 0.26.6.

Technical details

Mitigation steps:

Affected products:

Dokploy

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24840
https://dokploy.com/install.sh
https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d
https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page