PT-2026-44938 · Dokploy · Dokploy

Chakradhar1228

·

Published

2026-05-29

·

Updated

2026-06-02

·

CVE-2026-45661

CVSS v3.1

9.9

Critical

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6
Description Dokploy is a self-hostable Platform as a Service (PaaS) containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. When used with the remote server deployment feature, it enables arbitrary file writes to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This issue bypasses all container isolation on remote server deployments.
Recommendations Update to a version newer than 0.26.5.

Exploit

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45661
GHSA-66V7-G3FH-47H3

Affected Products

Dokploy