Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
CVE-2026-45633: Dokploy command injection vulnerability in Docker logs endpoint
CVE-2026-45633
Summary
Dokploy's self-hosted PaaS platform has a security flaw in its Docker logs feature. This allows authenticated users to execute commands with root access, potentially leading to unauthorized changes or data breaches. Update to version 0.26.7 or later to fix the issue.
Original title
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail a...
Original description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges.
nvd CVSS3.1
9.9
Vulnerability type
CWE-78
OS Command Injection
Published: 29 May 2026 · Updated: 31 May 2026 · First seen: 29 May 2026