Dokploy, a free self-hostable Platform as a Service (PaaS), contains a critical command injection vulnerability in versions 0.26.6 and earlier. The vulnerability exists in the /docker-container-logs WebSocket endpoint where the tail and since parameters are not properly validated. These parameters are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges. This represents a severe security flaw that could lead to complete system compromise.