Dokploy, a free self-hostable Platform as a Service (PaaS), contains a command injection vulnerability in versions 0.26.6 and earlier. The vulnerability exists in the /docker-container-logs WebSocket endpoint where the tail and since parameters are not properly validated. These unvalidated parameters are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges. This represents a critical security flaw that could lead to complete system compromise.