CVE-2026-45630 -- CVSS 9.0 Vulnerability Briefing
CVE-2026-45630 | CVSS 9.0 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-45630 is an authenticated OS command injection vulnerability in Dokploy, a self-hostable open-source Platform as a Service application, specifically within the application.updateTraefikConfig tRPC endpoint.
Technical Detail
The flaw exists in Dokploy version 0.28.8 and earlier, where user-supplied input passed to the application.updateTraefikConfig tRPC endpoint is not properly sanitized before being executed at the operating system level. An authenticated user with admin or owner privileges can craft a malicious request to this endpoint to inject arbitrary OS commands, resulting in remote code execution on the underlying host. Because Dokploy manages containerized application deployments, successful exploitation could allow an attacker to pivot beyond the application layer and compromise the host infrastructure or other hosted workloads.
Exploitation Status
No known exploit code has been publicly identified at this time. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no confirmed in-the-wild exploitation as of June 05, 2026. Despite the absence of a known exploit, the CVSS score of 9.0 reflects the severity of the impact if the vulnerability were to be triggered by a sufficiently privileged attacker.
Who Is Targeting This
No specific threat actor attribution at this time. No confirmed or reported threat actor associations have been established for this vulnerability.
What To Do
Administrators running Dokploy should upgrade to a version beyond 0.28.8 as soon as a patched release is available from the project maintainers. Until a patch is applied, access to the Dokploy admin interface should be restricted to trusted networks only, and the principle of least privilege should be enforced to limit the number of accounts holding admin or owner roles. Monitor application and host-level logs for unexpected process execution or outbound connections originating from the Dokploy service. If the platform is exposed to the internet, consider placing it behind a VPN or restricting access via firewall rules as an interim control. Track the official Dokploy repository and security advisories for patch availability.
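As an added example (not from this briefing or the Dokploy project), the Python below triages constructed request-log lines for calls to the application.updateTraefikConfig procedure against an allowlist of expected admin accounts and trusted source networks, and checks whether a reported version falls in the affected range (0.28.8 and earlier). The log line layout, account names and network ranges are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

ENDPOINT = "application.updateTraefikConfig"
LAST_VULNERABLE = (0, 28, 8)  # Dokploy 0.28.8 and earlier are affected

def is_vulnerable_version(version: str) -> bool:
    """True when the reported Dokploy version is 0.28.8 or earlier."""
    parts = tuple(int(p) for p in version.strip().lstrip("v").split("."))
    return parts <= LAST_VULNERABLE

# Hypothetical line layout (constructed for this example, not Dokploy's real log format):
#   <timestamp> user=<account> role=<role> proc=<tRPC procedure> src=<client ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) proc=(?P<proc>\S+) src=(?P<src>\S+)$"
)

@dataclass
class Finding:
    ts: str
    user: str
    role: str
    src: str
    reasons: tuple  # policy checks this call failed; empty means expected use

def triage(lines, expected_admins, trusted_nets):
    """One Finding per call to the vulnerable procedure, with the checks it failed."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["proc"] != ENDPOINT:
            continue  # other procedures are out of scope for this rule
        reasons = []
        if m["user"] not in expected_admins:
            reasons.append("account not in expected admin set")
        if m["role"] not in ("admin", "owner"):
            reasons.append("unexpected role for this procedure")
        if not any(ipaddress.ip_address(m["src"]) in n for n in nets):
            reasons.append("source outside trusted network")
        findings.append(Finding(m["ts"], m["user"], m["role"], m["src"], tuple(reasons)))
    return findings

SAMPLE_LINES = [  # constructed sample data, not real Dokploy logs
    "2026-06-05T10:00:01Z user=alice role=owner proc=application.updateTraefikConfig src=10.0.0.5",
    "2026-06-05T10:00:02Z user=alice role=owner proc=application.list src=10.0.0.5",
    "2026-06-05T10:03:17Z user=bob role=admin proc=application.updateTraefikConfig src=203.0.113.7",
]
```

Calls with an empty reasons tuple are still worth reviewing during the interim period, since the endpoint is reachable by any admin or owner account; the checks only rank which calls to look at first.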