VYPR

Dokploy

by Dokploy

CVEs (18)

  • CVE-2026-45632 | Critical | May 29, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the…

  • CVE-2026-45629 | Critical | May 29, 2026
    risk 0.64 | cvss 9.9 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading…

  • CVE-2026-45630 | Critical | May 29, 2026
    risk 0.59 | cvss 9.0 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo…

  • CVE-2026-45631 | Critical | May 29, 2026
    risk 0.58 | cvss 10.0 | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute…

  • CVE-2026-45661 | Critical | May 29, 2026
    risk 0.57 | cvss 9.9 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with…

  • CVE-2026-45633 | Critical | May 29, 2026
    risk 0.57 | cvss 9.9 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell…

  • CVE-2026-45663 | Critical | May 29, 2026
    risk 0.57 | cvss 9.9 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly…

  • CVE-2026-27130 | Critical | May 18, 2026
    risk 0.57 | cvss 9.9 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. Three chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation.…

  • CVE-2026-45628 | Critical | May 29, 2026
    risk 0.55 | cvss 9.6 | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and…

  • CVE-2026-45662 | High | May 29, 2026
    risk 0.50 | cvss 8.8 | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes `docker logout ${response.registryUrl}` without shell escaping. In the same file, the docker login…

  • CVE-2026-43917 | Medium | May 29, 2026
    risk 0.27 | cvss n/a | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies that the user is authenticated; it does not enforce organization scoping. Each endpoint must individually verify that the resource's org matches the…

  • CVE-2026-24841 | Jan 28, 2026
    risk 0.00 | cvss n/a | epss 0.03

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into…

  • CVE-2026-24840 | Jan 28, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means…

  • CVE-2026-24839 | Jan 28, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks because it does not send anti-framing response headers (X-Frame-Options or a Content-Security-Policy frame-ancestors directive). This allows attackers to embed Dokploy pages in malicious iframes and trick…

  • CVE-2025-53825 | Jul 14, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a…

  • CVE-2025-53375 | Jul 7, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable…

  • CVE-2025-53376 | Jul 7, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch…

  • CVE-2025-53374 | Jul 7, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about other users in the same organization by directly…