


Perceptive Security
SOC/SIEM Consultancy

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 21:09:42
Source:
nvd.nist.gov
Cloud & Virtualization, Identity & Access, Web Technologies
Critical vulnerability in the Dokploy PaaS platform (versions 0.27.0 to before 0.29.3): a hardcoded BETTER_AUTH_SECRET fallback value, 'better-auth-secret-123456789', allows unauthenticated attackers to forge JWT tokens. With a forged token an attacker can auto-sign-in as admin and execute commands on the host system via the built-in SSH terminal, resulting in complete system compromise. This is a severe authentication bypass that grants administrative access to unauthorized users. The vulnerability has been patched in version 0.29.3.
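An added example (not from the advisory or the Dokploy project): a Python check that flags a deployment whose version falls in the affected range stated above, or whose BETTER_AUTH_SECRET is unset or equal to the published fallback. It assumes the deployment's environment is available as dotenv-style text; the function names and sample inputs are constructed for illustration.

```python
import re

FALLBACK_SECRET = "better-auth-secret-123456789"  # value quoted in the advisory
FIRST_AFFECTED = (0, 27, 0)  # "From 0.27.0 ..."
FIRST_FIXED = (0, 29, 3)     # "... to before 0.29.3"


def parse_version(text):
    """Turn '0.28.1' or 'v0.28.1' into (0, 28, 1); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def parse_env(text):
    """Parse dotenv-style KEY=VALUE lines, skipping comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().removeprefix("export ").strip()
        env[key] = value.strip().strip("'\"")
    return env


def audit(version, env_text):
    """Return a list of findings for one deployment (empty list = none)."""
    findings = []
    secret = parse_env(env_text).get("BETTER_AUTH_SECRET", "")
    in_range = FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED
    if in_range:
        findings.append("version in affected range; upgrade to 0.29.3 or later")
    if secret == FALLBACK_SECRET:
        findings.append("BETTER_AUTH_SECRET equals the published fallback value")
    elif not secret and in_range:
        findings.append("BETTER_AUTH_SECRET unset; hardcoded fallback is in use")
    return findings


if __name__ == "__main__":
    # Constructed sample deployments, not taken from any real system.
    for ver, env in [("0.28.0", "# no secret configured\n"),
                     ("0.29.3", "BETTER_AUTH_SECRET='better-auth-secret-123456789'"),
                     ("0.29.3", "BETTER_AUTH_SECRET=constructed-random-value")]:
        print(ver, audit(ver, env) or "no findings")
```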
Technical details
Mitigation steps:
Affected products:
Dokploy
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-45631
https://github.com/Dokploy/dokploy/pull/4374
https://github.com/Dokploy/dokploy/security/advisories/GHSA-w3gm-rc4p-9rhj
Related CVEs:
Related threat actors:
IOCs:
better-auth-secret-123456789
This article was created with the assistance of AI technology by Perceptive.
