CVE-2026-24841

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6

Description Dokploy is a Platform as a Service (PaaS). A command injection issue exists in versions prior to 0.26.6 within the /docker-container-terminal WebSocket endpoint. The containerId and activeWay parameters are directly used in shell commands without proper sanitization. This allows an authenticated attacker to execute arbitrary commands on the host server.

Recommendations Versions prior to 0.26.6 should be updated to version 0.26.6 or later.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-24841

GHSA-VX6X-6559-X35R

Affected Products

Dokploy

CVE-2026-24841

Weakness Enumeration

Related Identifiers

Affected Products

References · 14