Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-45663 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-45663 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-45663 is a command injection vulnerability in Dokploy, a self-hostable open-source Platform as a Service application, specifically within its Docker file upload functionality affecting version 0.29.1 and earlier.

Technical Detail

The flaw exists in the Docker file upload handler, where user-supplied input is not properly sanitized before being passed to an underlying system command. An authenticated attacker can craft a malicious upload request that injects arbitrary OS commands, resulting in remote code execution (RCE) on the host system. Given that Dokploy manages containerized infrastructure, successful exploitation could allow an attacker to pivot beyond the application layer and compromise the underlying host or connected container workloads.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, meaning active in-the-wild exploitation has not been confirmed or documented as of June 05, 2026.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor associations have been established for this vulnerability.

What To Do

Operators running Dokploy should upgrade to a version beyond 0.29.1 immediately, as the CVSS score of 9.9 Critical warrants urgent patch prioritization. If an immediate upgrade is not feasible, restrict access to the Dokploy interface to trusted networks or authenticated VPN users only, and disable or limit Docker file upload functionality where possible through access controls or reverse proxy rules. Monitor application and host-level logs for anomalous process spawning originating from the Dokploy service process, particularly unexpected shell invocations or outbound network connections initiated by the application user context. Given the self-hosted nature of this platform, exposure is directly tied to how the instance is network-accessible, so reducing the attack surface through network segmentation is a practical interim control.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →