PT-2026-44938 · Dokploy · Dokploy
Chakradhar1228
·
Published
2026-05-29
·
Updated
2026-06-02
·
CVE-2026-45661
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dokploy versions prior to 0.26.6
Description
Dokploy is a self-hostable Platform as a Service (PaaS) containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. When used with the remote server deployment feature, it enables arbitrary file writes to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This issue bypasses all container isolation on remote server deployments.
Recommendations
Update to a version newer than 0.26.5.
Exploit
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dokploy