
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket end…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 21:09:42

Source:

nvd.nist.gov


Cloud & Virtualization, Web Technologies

Dokploy, a self-hostable Platform as a Service (PaaS), contains an authenticated OS command injection vulnerability in versions 0.28.8 and earlier. The vulnerability exists in the /listen-deployment WebSocket endpoint and allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy. This vulnerability can lead to full server compromise of affected systems. The flaw affects the WebSocket communication mechanism used for deployment monitoring.

Technical details

Mitigation steps:

Affected products:

Dokploy


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
