top of page
perceptive_background_267k.jpg

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig …

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 19:07:03

Source:

nvd.nist.gov

Click to open the original link from this advisory

Cloud & Virtualization, Web Technologies

CVE-2026-45630 affects Dokploy, a free self-hostable Platform as a Service (PaaS) solution. The vulnerability exists in versions 0.28.8 and earlier, specifically in the application.updateTraefikConfig tRPC endpoint. Authenticated admin/owner users can exploit this OS command injection flaw to execute arbitrary system commands on remote servers. The vulnerability stems from unsanitized echo shell interpolation, allowing attackers with elevated privileges to gain unauthorized command execution capabilities on the affected systems.

Technical details

Mitigation steps:

Affected products:

Dokploy

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-45630
https://github.com/Dokploy/dokploy/security/advisories/GHSA-p787-6gqg-cvp5

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page