CVE-2026-45661 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-45661 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-45661 is a critical path traversal vulnerability in Dokploy, a self-hostable open-source Platform as a Service application, affecting version 0.26.5 and earlier, that allows authenticated users to write arbitrary files on the underlying host system.

Technical Detail

The flaw exists in Dokploy's file handling logic, where user-supplied path input is not properly sanitized, enabling an authenticated attacker to traverse outside of intended directory boundaries and write files to arbitrary locations on the server. By crafting a malicious request with directory traversal sequences, an attacker could overwrite sensitive system files, plant web shells, or manipulate application configuration to achieve remote code execution or privilege escalation. Given that Dokploy manages containerized deployments and infrastructure configuration, successful exploitation could result in full compromise of the host environment and any workloads running on the platform.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit as of June 05, 2026. However, the high CVSS score of 9.9 and the straightforward nature of path traversal techniques mean that functional exploitation is achievable by moderately skilled attackers once the vulnerability mechanics are understood.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor activity has been associated with this vulnerability as of the date of this briefing.

What To Do

Operators running Dokploy should update to a patched release above version 0.26.5 immediately, treating this as a high-priority patch given the critical CVSS score and the privileged nature of PaaS infrastructure. If a patched version is not yet available or cannot be applied immediately, restrict access to the Dokploy interface to trusted IP ranges or internal networks only, and enforce strong authentication controls to limit the pool of users who can reach the vulnerable functionality. Review server-side file integrity on any exposed Dokploy instances for signs of unauthorized file writes, particularly in web-accessible directories, configuration paths, and cron or init locations. Monitor application logs for anomalous path strings containing traversal sequences such as "../" in file-related API requests.
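
The log monitoring step above, sketched as an added example (not Dokploy's code and not part of the original briefing): it scans JSON-lines request logs for ".." path segments, decoding percent-encoding first so encoded and double-encoded variants are caught. The log format, field names and route are assumptions, and the sample lines are constructed.

```python
import json
import re
from urllib.parse import unquote

# A ".." path segment bounded by a separator (/ or \) or the string edge.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    return bool(TRAVERSAL.search(decode_fully(value)))

def iter_strings(obj):
    """Yield every string found anywhere in a nested JSON value."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, (dict, list)):
        for v in (obj.values() if isinstance(obj, dict) else obj):
            yield from iter_strings(v)

def scan(lines):
    """Return (line_number, user, offending_value) for each suspicious string."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            entry = json.loads(line)
            user = entry.get("user")
        except (ValueError, AttributeError):  # not JSON, or not a JSON object
            continue
        for s in iter_strings(entry):
            if has_traversal(s):
                hits.append((n, user, s))
    return hits

# Constructed sample log lines; field names and route are hypothetical.
SAMPLE = [
    r'{"user": "alice", "route": "/example/file-write", "body": {"path": "config/app.env"}}',
    r'{"user": "bob", "route": "/example/file-write", "body": {"path": "../../outside/target"}}',
    r'{"user": "bob", "route": "/example/file-write", "body": {"path": "data/%2e%2e%2f%2e%2e%2foutside"}}',
    r'{"user": "carol", "route": "/example/file-write", "body": {"files": [{"name": "notes..txt"}]}}',
    r'{"user": "dave", "route": "/example/file-write", "body": {"path": "a\\..\\b"}}',
    'not json',
]
```

Matching on whole ".." segments rather than the substring keeps filenames such as "notes..txt" from raising false alerts.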
