CNNVD-202601-4838 Information
CNNVD ID
CNNVD-202601-4838
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.26.6之前版本存在操作系统命令注入漏洞,该漏洞源于WebSocket端点/docker-container-terminal存在命令注入,可能导致执行任意命令。
Description (English)
Dokploy is an open source software for Dokploy open source. Before Dokploy 0.26.6, there was an operational system command-injection loophole, which originated from the WebSocket end-point/docker-container-terminal-injection-injection, which could lead to the execution of arbitrary orders.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
Dokploy
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/Dokploy/dokploy/blob/canary/apps/dokploy/server/wss/docker-container-terminal.ts https://github.com/Dokploy/dokploy/commit/74e0bd5fe3ef7199f44fcd19c6f5a2f09b806d6f https://github.com/Dokploy/dokploy/security/advisories/GHSA-vx6x-6559-x35r
Patch
https://github.com/Dokploy/dokploy/releases
Share on: