HarborGuard / CVE

CRITICAL | CVE-2026-45663 | CNA: GitHub_M

CVE-2026-45663: Dokploy: Remote Code Execution via destinationPath in Container File Upload

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly interpolated into a shell command string. By including shell metacharacters such as ; or ", an attacker can escape the intended docker cp command and execute arbitrary OS commands on the Dokploy host.
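As an added illustration (not Dokploy's code and not part of the advisory), the hardened pattern for the flaw described above in Node.js: validate the user-supplied destinationPath, then hand it to `docker cp` as a separate argv element for `child_process.execFile` so no shell ever parses it. Function and regex names are hypothetical.

```javascript
// Added example (not Dokploy's code): validating a user-supplied
// destinationPath and handing it to `docker cp` as an argument vector.
//
// Vulnerable shape described in the advisory (do NOT do this):
//   exec(`docker cp ${localFile} ${containerId}:${destinationPath}`)
// A shell parses that string, so ';', '"' and friends inside destinationPath
// change what gets executed. The hardened shape below never builds a shell
// string: it validates the path and returns argv for child_process.execFile.

// Any character a POSIX shell treats specially, plus whitespace and control chars.
const SHELL_META = /[;&|`$"'\\<>(){}\[\]*?!~#\s\x00-\x1f]/;

// Hypothetical validator: absolute container path, no shell metacharacters,
// no "." or ".." segments, no empty segments except an optional trailing "/".
function isSafeDestinationPath(destinationPath) {
  if (typeof destinationPath !== "string") return false;
  if (destinationPath.length === 0 || destinationPath.length > 4096) return false;
  if (SHELL_META.test(destinationPath)) return false;
  const parts = destinationPath.split("/");
  if (parts[0] !== "") return false; // must start with "/"
  const inner = parts.slice(1);
  if (inner[inner.length - 1] === "") inner.pop(); // allow "/" and "/dir/"
  return inner.every((seg) => seg !== "" && seg !== "." && seg !== "..");
}

// Hypothetical allow-list for container ids/names (assumed docker naming rules).
const CONTAINER_ID = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$/;

// Returns the exact argv to pass to execFile("docker", args, { shell: false }).
// Because no shell is involved, destinationPath can only ever be one argument;
// it cannot terminate the docker cp command or append another one.
function buildDockerCpArgs(containerId, localFile, destinationPath) {
  if (!CONTAINER_ID.test(containerId)) throw new Error("invalid container id");
  if (!isSafeDestinationPath(destinationPath)) {
    throw new Error("destinationPath rejected");
  }
  return ["cp", localFile, `${containerId}:${destinationPath}`];
}

// Usage (constructed values):
//   const { execFile } = require("node:child_process");
//   execFile("docker", buildDockerCpArgs("web-1", "/tmp/upload-123", "/app/data.bin"),
//            { shell: false }, (err) => { /* handle result */ });
```

Rejecting rather than escaping metacharacters keeps the check independent of which shell, if any, a future refactor might reintroduce.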

HarborGuard Analysis

Synopsis

Command injection in Dokploy's Docker file upload functionality. An authenticated user can supply a destinationPath parameter containing shell metacharacters that escape the intended docker cp invocation, allowing arbitrary OS commands to run on the Dokploy host over the network. Successful exploitation yields remote code execution on the PaaS host with full read, write, and service-disruption impact across managed containers. HarborGuard tracks the advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment, with the advisory ingested from upstream feeds within minutes of publication and matched against Dokploy images in customer registries and CI pipelines. Coverage extends to custom-built images that wrap or extend Dokploy 0.29.1 and earlier.

Triage (Available)

Triage is available with the published CVSS 3.1 base score of 9.9 (Critical) weighted against each environment's compliance policy, so a host-level RCE in an internet-exposed PaaS is escalated differently than the same finding in an isolated lab image. Findings route to the security or platform inbox configured inside each customer org.

Patch (Pending upstream)

No upstream fix has been published for Dokploy at this time. HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available the moment a fixed version ships; environments with auto-remediation enabled then get a rebuild, a regression-test run, and a PR opened against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Dokploy web interface over the network (AV:N).

  • Authentication: Required

    A low-privilege authenticated Dokploy account is sufficient to invoke the vulnerable file upload (PR:L).

  • Victim interaction: Not required

    No user has to click or approve anything; the attacker drives the upload request directly (UI:N).

  • Attack complexity: Low

    Exploitation is reliable and condition-free: appending shell metacharacters to destinationPath is enough (AC:L).

Blast Radius

  • Executes arbitrary OS commands on the Dokploy host as the service user, yielding full remote code execution.
  • Reads any data the Dokploy process can access, including environment secrets, deployment credentials, and managed container state.
  • Modifies or destroys persisted configuration, container definitions, and files on the host filesystem.
  • Disrupts or takes offline every container and application orchestrated by the affected Dokploy instance.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the upstream advisory so that the moment a fixed Dokploy release ships, a patched-image rebuild is made available and, for environments with auto-remediation enabled, a rebuild plus regression run plus PR against affected workloads is generated automatically. In the interim, compensating-control guidance is surfaced alongside the finding: restrict the Dokploy UI to trusted networks or VPN, tighten account provisioning so untrusted users cannot obtain even low-privilege logins, apply egress filtering on the Dokploy host to limit post-exploitation reach, and consider feature-flag gating or proxy-level blocking of the container file upload endpoint until an upstream patch lands.


Metrics

CVSS v3.1: 9.9
Severity: CRITICAL
Fixed in: no fixed version published yet
Affected products: 1
Affected packages:
  • Dokploy / dokploy <= 0.29.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H