Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that all…

A critical path traversal vulnerability in Dokploy v0.26.5 and earlier allows authenticated users to write arbitrary files to filesystems during application deployment. The vulnerability enables remote code execution via cron jobs, complete server compromise, data exfiltration, and persistent backdoor installation. When combined with Dokploy's remote server deployment feature, attackers can write arbitrary files to remote server filesystems. The vulnerability bypasses all container isolation on remote server deployments, making it particularly dangerous for production environments.