CVE-2026-45630

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-45630

Affected Products

Dokploy

CVE-2026-45630

Weakness Enumeration

Related Identifiers

Affected Products

References · 2