CVE-2026-45631— Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret
Possible ATT&CK Techniques 3AI
T1505 · Server Software Component T1078 · Valid Accounts T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45631
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45631
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45631
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-45631 (1)
Vendor Advisories for CVE-2026-45631 (1)
Same Patch Batch · Dokploy · 2026-05-29 · 10 CVEs total
| CVE-2026-45663 | 9.9 CRITICAL | Dokploy: Remote Code Execution via destinationPath in Container File Upload |
| CVE-2026-45629 | 9.9 CRITICAL | Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment W |
| CVE-2026-45632 | 9.9 CRITICAL | Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution |
| CVE-2026-45661 | 9.9 CRITICAL | Dokploy: Remote Code Execution through Path Traversal |
| CVE-2026-45633 | 9.9 CRITICAL | Dokploy: Command Injection in /docker-container-logs Endpoint |
| CVE-2026-45628 | 9.6 CRITICAL | Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline |
| CVE-2026-45630 | 9.0 CRITICAL | Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig |
| CVE-2026-45662 | 8.8 HIGH | Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deleti |
| CVE-2026-43917 | Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId va |
IV. Related Vulnerabilities
Same product: dokploy
- CVE-2026-45629
Dokploy: Authenticated Remote Code Execution via Command Inj - CVE-2026-43917
Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints m - CVE-2026-45628
Dokploy: Command Injection via Unescaped Branch Fields in De - CVE-2026-45630
Dokploy: Authenticated Remote Code Execution via Command Inj - CVE-2026-45632
Dokploy: Schedule Authorization Bypass Enables Host/Server C
Same vendor: Dokploy
- CVE-2026-45629
Dokploy: Authenticated Remote Code Execution via Command Inj - CVE-2026-43917
Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints m - CVE-2026-45628
Dokploy: Command Injection via Unescaped Branch Fields in De - CVE-2026-45630
Dokploy: Authenticated Remote Code Execution via Command Inj - CVE-2026-45632
Dokploy: Schedule Authorization Bypass Enables Host/Server C
Same weakness: CWE-798
- CVE-2026-42929
MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded C - CVE-2026-7786
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 t - CVE-2026-46376
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulne - CVE-2026-49201
Acer Wave 7 router: Hardcoded Cryptographic Key - CVE-2026-45039
RustFS: Internode RPC HMAC secret falls back to public defau
V. Comments for CVE-2026-45631
No comments yet