216.73.217.64

CVE-2026-45630

· Published 29/05/2026 18:17 · Modified 29/05/2026 20:25

Labels: CVE-2026-45630 2026-05-29CVE-2026-45630CWE-78[email protected]

Essential information

Published
29/05/2026 18:17
Modified
29/05/2026 20:25
Author
Creator
CVSS
9.0 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CVSS metrics

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dokploy / dokploy cpe:2.3:a:dokploy:dokploy:<=0.28.8:*:*:*:*:*:*:*

References