CVE-2026-45663 in dokploy
Summary
by MITRE • 2026-05-29
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly interpolated into a shell command string. By including shell metacharacters such as ; or ", an attacker can escape the intended docker cp command and execute arbitrary OS commands on the Dokploy host.
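The fix pattern for this class of bug, as an added example that is not Dokploy's code or its patch: validate the inputs and pass them to `docker cp` as an argument vector instead of a shell string. All function names and the sample values used with them are hypothetical.

```javascript
// Added example: function names are hypothetical, not Dokploy's API.

// Vulnerable pattern, shown for contrast and never executed here: the
// value ends up inside a string that a shell will parse.
function buildShellCommand(localFile, containerId, destinationPath) {
  return `docker cp "${localFile}" "${containerId}:${destinationPath}"`;
}

// Paths must be absolute, free of control characters and of ".." segments.
function validatePath(p, label) {
  if (typeof p !== "string" || p.length === 0 || p.length > 4096)
    throw new Error(`${label}: empty or too long`);
  if (!p.startsWith("/")) throw new Error(`${label}: must be absolute`);
  if (/[\x00-\x1f\x7f]/.test(p)) throw new Error(`${label}: control character`);
  if (p.split("/").includes("..")) throw new Error(`${label}: ".." segment`);
  return p;
}

// Docker container names and IDs use this character set.
function validateContainerId(id) {
  if (typeof id !== "string" || !/^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$/.test(id))
    throw new Error("containerId: unexpected characters");
  return id;
}

// Hardened: one array element per argument, so no shell ever parses it.
function buildDockerCpArgs(localFile, containerId, destinationPath) {
  const src = validatePath(localFile, "localFile");
  const dst = validatePath(destinationPath, "destinationPath");
  return ["cp", src, `${validateContainerId(containerId)}:${dst}`];
}

// Runs docker directly via execFile (no /bin/sh in between).
async function copyToContainer(localFile, containerId, destinationPath) {
  const { execFile } = await import("node:child_process");
  const args = buildDockerCpArgs(localFile, containerId, destinationPath);
  return new Promise((resolve, reject) =>
    execFile("docker", args, (err) => (err ? reject(err) : resolve())));
}
```

With `execFile`, a `;` or `"` in `destinationPath` stays a literal character of a single argument; the validation is a second layer that limits where the file can land.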