VYPR
Critical severity9.9NVD Advisory· Published May 29, 2026· Updated May 29, 2026

CVE-2026-45633

CVE-2026-45633

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dokploy/Dokployinferred2 versions
    <=0.26.6+ 1 more
    • (no CPE)range: <=0.26.6
    • (no CPE)range: <=0.26.6

Patches

Vulnerability mechanics

References

1

News mentions

1