Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive...

9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2.

AI Analysis

Arbitrary file write via tar symlink traversal in git:from-archive and certs:add commands

Basic Information

ID CVE-2026-45405

Source GitHub_M

Published Jun 26, 2026 at 16:23

Affected Product

Vendor dokku

Product dokku

Version < 0.38.2

Affected Versions dokku dokku < 0.38.2

CWE Classification

CWE-59

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor Dokku

Product Dokku

Version < 0.38.2

References

{
    "lastseen": "",
    "description": "Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user \u2014 including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2.",
    "published": "2026-06-26T16:23:05.454Z",
    "modified": "2026-06-26T16:23:05.454Z",
    "type": "cve",
    "title": "Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add",
    "source": "GitHub_M",
    "references": "https://github.com/dokku/dokku/security/advisories/GHSA-j6qq-xg73-ghqg\nhttps://github.com/dokku/dokku/pull/8591",
    "id": "CVE-2026-45405",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "dokku dokku < 0.38.2",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dokku",
    "version": "< 0.38.2",
    "vendor": "dokku",
    "ai_description": "Arbitrary file write via tar symlink traversal in git:from-archive and certs:add commands",
    "ai_severity": "Critical",
    "ai_vendor": "Dokku",
    "ai_product": "Dokku",
    "ai_version": "< 0.38.2",
    "ai_score": 9
}

Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405