All 7 CVE vulnerabilities found in dokploy, with AI-generated Chinese analysis, references, and POCs.
Vendor: Dokploy
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24841 | Dokploy Vulnerable to Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint | CWE-78 | 9.9 | Critical | 2026-01-28 |
| CVE-2026-24840 | Dokploy uses hardcoded credentials in installation script, which could result in database access | CWE-798 | 8.0 | High | 2026-01-28 |
| CVE-2026-24839 | Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers | CWE-1021 | 4.7 | Medium | 2026-01-28 |
| CVE-2025-53825 | Dokploy's Preview Deployments are vulnerable to Remote Code Execution | CWE-862 | 9.4 | Critical | 2025-07-14 |
| CVE-2025-53375 | Dokploy allows attackers to read any file that the Traefik process user can access | CWE-22 | 8.8 (AI) | High (AI) | 2025-07-07 |
| CVE-2025-53376 | Dokploy allows attackers to run arbitrary OS commands on the Dokploy host. | CWE-78 | 8.8 (AI) | High (AI) | 2025-07-07 |
| CVE-2025-53374 | Dokploy Improperly Discloses User Information via user.one Endpoint | CWE-359 | 4.3 (AI) | Medium (AI) | 2025-07-07 |