
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-containe…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 21:09:42

Source:

nvd.nist.gov


Cloud & Virtualization, Web Technologies

Dokploy, a free self-hostable Platform as a Service (PaaS), contains a critical command injection vulnerability in versions 0.26.6 and earlier. The vulnerability exists in the /docker-container-logs WebSocket endpoint where the tail and since parameters are not properly validated. These parameters are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges. This represents a severe security flaw that could lead to complete system compromise.
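The pattern described above, shown next to a hardened form. This is an added example, not Dokploy's code: the function names, the limits and the accepted formats for tail and since are assumptions chosen for illustration, and the container reference check is extra hardening that the advisory does not mention.

```javascript
// Added example, not Dokploy's code. Names, limits and formats are assumptions.

// Vulnerable pattern from the advisory: request values are pasted into a
// string that a shell later parses, so metacharacters in them become syntax.
function buildLogsCommandUnsafe(containerId, tail, since) {
  return `docker logs --tail ${tail} --since ${since} --follow ${containerId}`;
}

const TAIL_MAX = 10000; // assumed upper bound on requested lines
const SINCE_RELATIVE = /^\d{1,6}[smh]$/; // e.g. 30s, 15m, 2h
const SINCE_RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})$/;
const CONTAINER_REF = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$/; // cannot start with "-"

function parseTail(value) {
  if (value === "all") return "all";
  if (typeof value !== "string" || !/^\d{1,5}$/.test(value)) {
    throw new TypeError("tail must be 'all' or a decimal integer");
  }
  const n = Number(value);
  if (n < 1 || n > TAIL_MAX) throw new RangeError("tail out of range");
  return String(n); // canonical form, leading zeros dropped
}

function parseSince(value) {
  if (typeof value !== "string" ||
      !(SINCE_RELATIVE.test(value) || SINCE_RFC3339.test(value))) {
    throw new TypeError("since must be a duration like 15m or an RFC 3339 time");
  }
  return value;
}

// Hardened form: returns an argument vector meant for
// child_process.execFile("docker", args), which runs without a shell.
// Each value is exactly one argv element and is never re-parsed as syntax.
function buildLogsArgs(containerId, tail, since) {
  if (typeof containerId !== "string" || !CONTAINER_REF.test(containerId)) {
    throw new TypeError("invalid container reference");
  }
  return ["logs", "--tail", parseTail(tail), "--since", parseSince(since),
          "--follow", containerId];
}

// Helper for checking that a constructed bad input is refused.
function isRejected(fn) {
  try { fn(); return false; } catch (e) { return true; }
}
```

Validation and shell-free execution are independent layers: the allowlist refuses malformed values at the WebSocket boundary, and the argument vector keeps any value that does get through from being interpreted by a shell.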

Technical details

Mitigation steps:

Affected products:

Dokploy

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
