PT-2026-5045 · Dokploy · Dokploy
Asleep123 · Published 2026-01-28 · Updated 2026-02-02 · CVE-2026-24840
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dokploy versions prior to 0.26.6
Description
Dokploy is a self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the installation script (https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. As a result, most Dokploy deployments share the same database credential, which can lead to compromise.
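An added example, not part of the advisory or of Dokploy's code: a shell audit that flags literal secrets passed to containers via `-e`/`--env` in an installer script, the pattern described above. The Docker commands, variable names and sample script are constructed assumptions, not the contents of `install.sh`.

```shell
#!/bin/sh
# Added example: audit an installer script for literal secrets handed to
# containers. The sample below is constructed; it is NOT Dokploy's install.sh.

sample_installer() {
  cat <<'EOF'
docker service create --name db-bad \
  --env POSTGRES_USER=app \
  --env POSTGRES_PASSWORD=changeme123 \
  postgres:16
DB_PASS=$(openssl rand -hex 24)
docker service create --name db-good \
  --env POSTGRES_PASSWORD="$DB_PASS" \
  postgres:16
docker run -d -e API_TOKEN=abc123 example/image
EOF
}

# Reads a script on stdin and prints "LINE:NAME" for every -e/--env assignment
# whose name looks like a secret and whose value has no shell expansion
# ($VAR, ${VAR}, $(cmd) or backticks), i.e. the value is baked into the script.
find_hardcoded_secrets() {
  awk '
    {
      n = split($0, tok, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        t = tok[i]
        prev_is_env = (i > 1 && (tok[i-1] == "-e" || tok[i-1] == "--env"))
        if (t ~ /^--env=/) sub(/^--env=/, "", t)
        else if (!prev_is_env) continue
        eq = index(t, "=")
        if (eq == 0) continue
        name = substr(t, 1, eq - 1)
        value = substr(t, eq + 1)
        if (toupper(name) !~ /PASSWORD|PASSWD|SECRET|TOKEN/) continue
        if (value == "" || value ~ /[$`]/) continue
        print NR ":" name
      }
    }'
}

sample_installer | find_hardcoded_secrets
```

A hit means every host provisioned by that script shares the credential; a value generated at install time, as in the `db-good` service of the sample, is not flagged.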
Recommendations
Update to version 0.26.6 or later.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Dokploy