Dokploy: Command Injection in /docker-container-logs Endpoint_CVE-2026-45633

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges.

Basic Information

ID CVE-2026-45633

Source GitHub_M

Published May 29, 2026 at 16:10

Affected Product

Vendor Dokploy

Product dokploy

Version <= 0.26.6

Affected Versions Dokploy dokploy <= 0.26.6

CWE Classification

CWE-78

References

github.com /Dokploy/dokploy/security/advisories/GHSA-wmqj-wr9q-327p

{
    "lastseen": "",
    "description": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges.",
    "published": "2026-05-29T16:10:20.278Z",
    "modified": "2026-05-29T16:10:20.278Z",
    "type": "cve",
    "title": "Dokploy: Command Injection in /docker-container-logs Endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-wmqj-wr9q-327p",
    "id": "CVE-2026-45633",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Dokploy dokploy <= 0.26.6",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dokploy",
    "version": "<= 0.26.6",
    "vendor": "Dokploy",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}