CVE-2026-54636: Dokku: OS Command Injection via app.json managed Cron
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7.
Metrics
- CVSS v3.1: 9.0
- Severity: CRITICAL
- Fixed in: 0.38.7
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an OS command injection vulnerability in Dokku, a Docker-powered platform-as-a-service. Before 0.38.7, the cron plugin takes the command strings from an app's app.json and installs them in the system crontab of the Dokku user on the host. The command string is not adequately sanitized when the crontab entry is written, so an authenticated, low-privilege user who can push an app.json can embed shell metacharacters (such as > or ;) in a cron command entry; the host shell that cron invokes interprets those characters itself rather than passing them into the container, and everything after a ; runs on the host as the Dokku user. Successful exploitation gives the attacker read, write, and availability impact on the host, beyond the container boundary. The fix is in Dokku 0.38.7.
HarborGuard Coverage
Detection of CVE-2026-54636 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that package Dokku or embed it as a dependency.
HarborGuard scores this CVE at CVSS 9.0 Critical and surfaces it accordingly in each customer environment, applying per-environment compliance policy weighting before routing the finding to the appropriate team inbox within the customer org.
The upstream fix is Dokku 0.38.7. HarborGuard re-checks this advisory on every ingest cycle and makes a patched-image rebuild available for images that package a Dokku version below 0.38.7. Customers with auto-remediation enabled receive the rebuild, a regression-test run, and a PR opened against affected workloads without any manual intervention.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Dokku service over the network to push a malicious app.json payload.
- Authentication: Required
Any low-privilege account with push access to a Dokku app is sufficient to deliver the malicious app.json cron entry.
- Victim interaction: Required
A user or automated process with access to the Dokku deployment must trigger the app deployment or cron-plugin reload that processes the malicious app.json.
- Attack complexity: Low
Exploitation is reliable and condition-free once the malicious app.json is accepted; no race condition or special memory state is required.
Blast Radius
- The attacker executes arbitrary OS commands on the Dokku host as the Dokku user, breaking out of the Docker container boundary.
- All data readable by the Dokku user on the host is exposed, including app environment variables, secrets, and SSH keys.
- The attacker can modify or delete files on the host filesystem accessible to the Dokku user, including deployed app data and configuration.
- The attacker can disrupt or terminate any Dokku-managed service on the host, taking down running applications.
How HarborGuard Handles This
The upstream fix for CVE-2026-54636 is Dokku 0.38.7. HarborGuard flags images that package a version below 0.38.7 and makes a patched-image rebuild available for them; for customers with auto-remediation enabled, that rebuild triggers a regression-test run and opens a PR against affected workloads automatically, with no manual steps required. Until the upgrade is in place, compensating controls worth evaluating include limiting who can push apps (strict network policy in front of Dokku hosts, and push access restricted to trusted identities via your identity provider), and auditing both the app.json cron entries of existing deployments and the Dokku user's crontab on each host for unexpected shell metacharacters such as ; or >. HarborGuard continues to surface this finding as Critical in affected environments until a patched image is confirmed in place.
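The following script is an added example, not Dokku's or HarborGuard's code. It performs the app.json audit suggested above and illustrates the mechanism described in the synopsis: it parses a constructed app.json, flags cron commands containing shell metacharacters, then builds the crontab command line two ways, once by pasting the command in unquoted (the vulnerable pattern) and once wrapped with shlex.quote (the hardened pattern), and tokenises each line with a coarse model of the host's sh to show that the unquoted form splits into two host commands while the quoted form reaches `dokku run` as a single argument. The `dokku run <app> <command>` template is an assumption for illustration; Dokku's real cron plugin may build its entries differently.

```python
"""Audit app.json cron entries for shell metacharacters and show why
unquoted interpolation into the host crontab lets them run on the host.

Added example, not Dokku's or HarborGuard's code. The crontab template
`dokku run <app> <command>` is an assumption for illustration only.
"""
import json
import shlex

# Characters the host's cron shell (sh -c) treats as its own syntax.
# The advisory names `>` and `;`; the rest are the usual suspects.
SHELL_METACHARS = set(";&|<>`$(){}\\\"'\n")

# Constructed sample app.json: one benign entry, one injecting host commands.
SAMPLE_APP_JSON = """
{
  "cron": [
    {"command": "python manage.py cleanup", "schedule": "@daily"},
    {"command": "true; id > /tmp/pwned", "schedule": "*/5 * * * *"}
  ]
}
"""


def parse_cron_entries(app_json_text):
    """Return the (schedule, command) pairs under the top-level "cron" key."""
    data = json.loads(app_json_text)
    return [(e["schedule"], e["command"]) for e in data.get("cron", [])]


def find_unsafe_entries(entries):
    """Entries whose command contains at least one shell metacharacter."""
    return [(s, c) for s, c in entries if SHELL_METACHARS & set(c)]


def host_command_unquoted(app, command):
    """Vulnerable construction (assumed template): the app.json command is
    pasted verbatim, so `;` and `>` are parsed by the host shell, not inside
    the container."""
    return f"dokku run {app} {command}"


def host_command_quoted(app, command):
    """Hardened construction: the whole command becomes one single-quoted
    word, so the host shell hands it to `dokku run` intact."""
    return f"dokku run {app} {shlex.quote(command)}"


def host_shell_split(command_line):
    """Coarse model of the host shell: quotes group, `;` separates commands,
    `>` / `|` / `&` become operator tokens. Returns one argv list per command
    the host would run in sequence."""
    lex = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    commands, current = [], []
    for tok in lex:
        if tok == ";":
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def audit(app_json_text, app="web"):
    """For each flagged entry, show how many host commands the unquoted and
    the quoted crontab lines would produce."""
    report = []
    for schedule, command in find_unsafe_entries(parse_cron_entries(app_json_text)):
        report.append({
            "schedule": schedule,
            "command": command,
            "unquoted_host_commands": host_shell_split(host_command_unquoted(app, command)),
            "quoted_host_commands": host_shell_split(host_command_quoted(app, command)),
        })
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_APP_JSON):
        print(f"UNSAFE {finding['schedule']!r}: {finding['command']!r}")
        for argv in finding["unquoted_host_commands"]:
            print("  unquoted -> host runs:", argv)
        for argv in finding["quoted_host_commands"]:
            print("  quoted   -> host runs:", argv)
```

Run against a real app.json by passing its contents to audit(); any entry it reports is one where the text after a ; would execute on the host rather than in the app container under a vulnerable plugin. Quoting the command with shlex.quote is the minimal fix for the interpolation pattern; rejecting metacharacters outright is the stricter policy if the workloads do not need them.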
- dokku/dokku: < 0.38.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H