PT-2026-44903 · Dokploy · Dokploy

Romain-Deperne · Published 2026-05-29 · Updated 2026-06-02 · CVE-2026-45662

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dokploy versions prior to 0.29.1

Description

Dokploy is a self-hostable Platform as a Service (PaaS). A command injection issue exists in the deleteRegistry() function within the packages/server/src/services/registry.ts file. The application executes a docker logout command using the registryUrl variable without proper shell escaping, allowing for the execution of arbitrary commands when a crafted registryUrl is provided.

Recommendations

Update to a version later than 0.29.0. As a temporary workaround, restrict access to the registry deletion functionality until the update is applied.
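
The pattern described above next to a hardened form, as an added TypeScript example (not Dokploy's code and not the upstream patch). All function names and the sample input are constructed for illustration.

```typescript
// Added illustration, not Dokploy's source. Function names are hypothetical.

// Allow-list for a registry address: optional scheme, host, optional port and path.
// Shell metacharacters, whitespace and a leading "-" can never match.
const REGISTRY_URL_RE =
  /^(?:https?:\/\/)?[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::\d{1,5})?(?:\/[A-Za-z0-9._\/-]*)?$/;

function isSafeRegistryUrl(value: string): boolean {
  return value.length <= 512 && REGISTRY_URL_RE.test(value);
}

// Unsafe pattern: the value becomes part of a string that a shell will parse,
// so any metacharacter in it is interpreted by the shell.
function logoutCommandUnsafe(registryUrl: string): string {
  return `docker logout ${registryUrl}`;
}

// Preferred: validate, then return an argv array intended for
// child_process.execFile("docker", argv), which starts no shell.
function logoutArgv(registryUrl: string): string[] {
  if (!isSafeRegistryUrl(registryUrl)) {
    throw new Error("registryUrl rejected by allow-list");
  }
  return ["logout", registryUrl];
}

// Fallback when a shell string is unavoidable (for example a command sent
// to a remote host): POSIX single-quote escaping keeps the value one word.
function shellQuote(arg: string): string {
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

function logoutCommandQuoted(registryUrl: string): string {
  return `docker logout ${shellQuote(registryUrl)}`;
}

// Constructed sample input with a harmless marker command.
const constructedSample = "registry.example.com; echo INJECTED";
console.log(logoutCommandUnsafe(constructedSample)); // shell would see two commands
console.log(logoutCommandQuoted(constructedSample)); // shell sees one quoted argument
console.log(isSafeRegistryUrl(constructedSample));   // false
```

Validation and shell-free execution complement each other: the allow-list rejects malformed values at the API boundary, and the argv form keeps any value that passes from ever reaching a shell parser.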

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-45662

Affected Products

Dokploy