PT-2026-44932 · Dokploy · Dokploy
Davidcarliez
·
Published
2026-05-29
·
Updated
2026-05-29
·
CVE-2026-45628
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Dokploy versions prior to 0.29.3
Description
Dokploy constructs shell commands using JavaScript template literals and executes them via the
child process.exec() function, which runs through /bin/sh -c. User-supplied data, specifically branch names, repository URLs, and Docker credentials, are interpolated directly into these commands without proper escaping. This allows an authenticated user with application create or edit privileges to perform command injection.Recommendations
Update to a version later than 0.29.2.
Exploit
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dokploy