Dokploy, a self-hostable Platform as a Service, contains a critical vulnerability in versions 0.26.7 and earlier where the schedule router fails to enforce organization/role checks. This allows any authenticated user to manipulate schedules belonging to other organizations if they know the scheduleId/serverId. The vulnerability enables remote code execution on the Dokploy host or target servers through schedule types that write and execute scripts. The flaw represents a significant authorization bypass that can lead to complete system compromise.