External risk intelligence

Dokploy Command Injection Vulnerability Exposes Host System.

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-45663

A command injection vulnerability in Dokploy's file upload functionality allows authenticated users to execute arbitrary operating system commands on the host, putting the affected organization's systems, data, and services at risk. The realistic business risk includes unauthorized control over the host envi

Halo Surface Signal score for CVE-2026-45663: 4 (external exposure likelihood)

Command Injection

Dokploy is a self-hostable Platform as a Service (PaaS) designed to manage deployments and containers. By nature, such administrative and management interfaces are commonly exposed to the internet to allow remote management of applications and infrastructure, making the underlying management functions accessible to authenticated users.

Horizon Alert

Summary of the vulnerability and why it matters

Dokploy's Docker file upload functionality contains a command injection vulnerability. This flaw allows authenticated users to execute arbitrary operating system commands on the Dokploy host. The impact of such a compromise could include unauthorized data access, system modification, or disruption of services.

  • Vulnerable file upload functionality
  • Improper destination path sanitization
  • Arbitrary OS command execution

Attack Path

How an attacker could exploit the issue

Dokploy allows authenticated users to upload files to containers. Because the upload functionality builds an operating system command from the user-supplied destination path, an attacker can manipulate that path during the upload to execute arbitrary operating system commands on the Dokploy host, which could lead to unauthorized control over the host system.

  • Authenticated access to the upload feature.
  • Attacker injects shell metacharacters.
  • Arbitrary OS commands are executed.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in Dokploy's file upload functionality could allow an attacker to execute arbitrary operating system commands on the host system. This could occur if an authenticated user uploads a specially crafted file and includes shell metacharacters in the file's destination path, bypassing the intended command. The potential for unauthorized command execution presents a significant risk to the integrity and security of the host environment.

  • Attackers with authenticated access.
  • Exploitation requires network access.
  • High business risk, potentially urgent.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability allows an authenticated user to execute arbitrary operating system commands on the host system through a Docker file upload function. The impact can be severe, potentially leading to a complete compromise of the affected host. Attackers can leverage this by injecting malicious commands via specially crafted file uploads. This could affect systems and data, and expose the organization to significant business risk.

  • Identify Dokploy instances with file upload functionality.
  • Restrict file upload access.
  • Update Dokploy and verify the fix.

Frequently asked questions

What is Dokploy and what is its primary function?

Dokploy is a free, self-hostable Platform as a Service (PaaS) designed for managing application deployments and containers. It provides an administrative interface for users to host and manage their applications and infrastructure.

What is CVE-2026-45663 and what weakness class does it represent?

CVE-2026-45663 is a command injection vulnerability within Dokploy's file upload feature, specifically related to CWE-77. This weakness allows for the execution of arbitrary operating system commands.

How can the Dokploy vulnerability be triggered?

The vulnerability is triggered when an authenticated user uploads a file to a container. By manipulating the 'destinationPath' parameter and including shell metacharacters, an attacker can escape the intended 'docker cp' command and execute arbitrary OS commands on the Dokploy host.

What is the relevance of CVE-2026-45663 to Dokploy's management interface?

Dokploy's administrative and management interfaces are often exposed to the internet for remote management. This exposure makes the underlying functions, including file uploads, accessible to authenticated users, increasing the likelihood of this vulnerability being exploited.

What steps should be taken to address the Dokploy vulnerability?

To address this vulnerability, organizations should identify Dokploy instances that utilize the file upload functionality. It is recommended to restrict access to this feature where possible and to update Dokploy to a version that includes the necessary fixes.
