
CVE-2026-45632 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-45632 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-45632 is a broken access control vulnerability in Dokploy, a self-hostable open-source Platform as a Service application, specifically affecting the schedule router component in version 0.26.7 and earlier.

Technical Detail

The schedule router in Dokploy fails to enforce organization-level or role-based access control checks, meaning any authenticated user, regardless of their assigned role or organizational membership, can create, update, or otherwise interact with scheduled tasks that should be restricted to privileged users. An attacker with a low-privilege account on a Dokploy instance can exploit this flaw by sending crafted requests directly to the schedule router endpoints without any elevated permissions. The practical impact includes unauthorized manipulation of scheduled operations within the platform, which in a PaaS context could extend to triggering deployments, modifying infrastructure automation tasks, or disrupting service availability for other tenants or users.
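The gap described above, modelled as an added example that is not Dokploy's code: one handler gates only on an authenticated session, the other also checks organization ownership and role. Every name here (`Session`, `Schedule`, `updateScheduleChecked`, the role names, the in-memory store) is a hypothetical assumption chosen for illustration.

```typescript
// Hypothetical model, not Dokploy's code: all names below are assumptions.
type Role = "owner" | "admin" | "member";
interface Session { userId: string; organizationId: string; role: Role }
interface Schedule { id: string; organizationId: string; cron: string; command: string }
type Result = "OK" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND";

// Constructed sample data: one schedule in each of two organizations.
function sampleStore(): Map<string, Schedule> {
  return new Map<string, Schedule>([
    ["s1", { id: "s1", organizationId: "org-a", cron: "0 3 * * *", command: "backup" }],
    ["s2", { id: "s2", organizationId: "org-b", cron: "0 4 * * *", command: "deploy" }],
  ]);
}

// Roles allowed to change schedules (assumed policy for this example).
const SCHEDULE_WRITE_ROLES: ReadonlySet<Role> = new Set<Role>(["owner", "admin"]);

// Flawed shape: the only gate is "is there a session", so any authenticated
// user can modify any schedule in any organization.
function updateScheduleUnchecked(
  store: Map<string, Schedule>, session: Session | null, id: string, cron: string,
): Result {
  if (!session) return "UNAUTHORIZED";
  const schedule = store.get(id);
  if (!schedule) return "NOT_FOUND";
  schedule.cron = cron;
  return "OK";
}

// Hardened shape: load the resource, then check tenant ownership and role
// on the server before any mutation.
function updateScheduleChecked(
  store: Map<string, Schedule>, session: Session | null, id: string, cron: string,
): Result {
  if (!session) return "UNAUTHORIZED";
  const schedule = store.get(id);
  // Same answer for "missing" and "belongs to another organization",
  // so the response does not reveal which schedule ids exist elsewhere.
  if (!schedule || schedule.organizationId !== session.organizationId) return "NOT_FOUND";
  if (!SCHEDULE_WRITE_ROLES.has(session.role)) return "FORBIDDEN";
  schedule.cron = cron;
  return "OK";
}
```

The same two checks belong on every mutating and reading procedure of the router, which is why they are usually applied as shared middleware rather than repeated per handler.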

Exploitation Status

No known exploit exists for this vulnerability at this time. The exploit maturity is assessed as none, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code confirmed as of June 05, 2026.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor activity has been associated with this vulnerability.

What To Do

Operators running Dokploy should upgrade to a patched release above version 0.26.7 as soon as one becomes available from the project maintainers. Given the CVSS score of 9.9, this should be treated as a high-priority patch even in the absence of known active exploitation. As an interim workaround, restrict access to Dokploy instances to trusted users only and audit existing user accounts to remove any accounts that should not have authenticated access to the platform. Network-level controls such as placing the Dokploy management interface behind a VPN or firewall with strict allowlisting can reduce exposure. Monitor authentication logs for unexpected access to schedule-related API endpoints as a detection signal while awaiting a vendor patch.
