CVE-2026-45629
Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated OS command injection in Dokploy's /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary commands on managed servers, leading to full compromise.
Vulnerability
In Dokploy versions 0.28.8 and earlier, the /listen-deployment WebSocket endpoint in apps/dokploy/server/wss/listen-deployment.ts suffers from an OS command injection vulnerability. The logPath parameter is validated by readValidDirectory() in packages/server/src/wss/utils.ts, which uses path.resolve() to check that the resolved path starts with the configured BASE_PATH (/etc/dokploy). However, path.resolve() treats shell metacharacters such as ; as valid filename characters on Linux, allowing an attacker to bypass the path validation. The unsanitized logPath is then directly interpolated into a shell command (tail -n +1 -f ${logPath};) and executed via SSH on the target server. [1]
Exploitation
An attacker must be an authenticated user of the Dokploy instance and belong to an organization that has at least one server configured with an SSH key. The /listen-deployment WebSocket endpoint does not enforce the tRPC permission middleware; its hand-written authorization only verifies that the user is authenticated, the server belongs to the user's organization, and the server has an SSH key. It does not check accessedServices, accessedServers, or call checkServicePermissionAndAccess(), meaning any organization member (the default role) can target any server in the organization. To exploit, the attacker connects to the WebSocket endpoint with a crafted logPath parameter that includes shell metacharacters (e.g., ; followed by arbitrary commands). The injected commands are executed on the remote server via SSH. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary system commands on any remote server managed by Dokploy within the attacker's organization. This leads to full compromise of the target server, including potential data exfiltration, installation of backdoors, and lateral movement within the infrastructure. [1]
Mitigation
As of the publication date (2026-05-29), no patch has been released for this vulnerability. Users of Dokploy 0.28.8 and earlier should restrict network access to the Dokploy instance to trusted users only, carefully review organization membership, and monitor for updates from the project maintainers. If possible, disable the WebSocket endpoint or apply a custom validation that properly sanitizes the logPath parameter. [1]
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"The `readValidDirectory()` function does not reject shell metacharacters, allowing a crafted `logPath` to bypass path validation and be interpolated into an SSH command string."
Attack vector
An attacker who is a registered user (default 'member' role) of a Dokploy organization connects to the `/listen-deployment` WebSocket endpoint with a crafted `logPath` query parameter containing shell metacharacters (e.g., `;id;#`). The `readValidDirectory()` function [ref_id=1] accepts the path because `path.resolve()` treats `;` as a valid filename character, and the parameter is then interpolated into an SSH command string executed on the remote server [ref_id=1]. This results in OS command injection [CWE-78] allowing arbitrary command execution with the privileges of the SSH user on any server that has an SSH key configured in the organization.
Affected code
The vulnerability resides in `apps/dokploy/server/wss/listen-deployment.ts` where the `logPath` parameter is interpolated directly into an SSH `tail -f` command. The validation function `readValidDirectory()` in `packages/server/src/wss/utils.ts` only checks that the resolved path starts with `BASE_PATH` but does not reject shell metacharacters, so a payload like `/etc/dokploy/apps;id;#` passes the check. Additionally, the WebSocket endpoint lacks the tRPC permission middleware, so any authenticated organization member can target any server in the organization.
What the fix does
The advisory recommends three fix options [ref_id=1]: Option A adds a strict regex (`/^[a-zA-Z0-9_\-\/\. ]{0,500}$/`) to reject shell metacharacters before `readValidDirectory()` is called. Option B Base64-encodes the path so that shell interpretation is avoided when the command runs. Option C replaces the shell `tail` command with SFTP streaming, which eliminates the shell interpolation entirely. Any of these would prevent an attacker from injecting arbitrary commands through the `logPath` parameter.
Preconditions
- auth: The attacker must be a registered user of a Dokploy organization (default 'member' role).
- config: The target server must have an SSH key configured in the organization.
- network: The attacker must be able to reach the Dokploy WebSocket endpoint over the network.
- input: The attacker must supply a `logPath` parameter containing shell metacharacters such as `;`.
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 1
News mentions: 0
No linked articles in our index yet.