Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

View on NVD

Analysis

Dokploy, a self-hostable PaaS, contains a hardcoded secret in versions 0.27.0 through 0.29.2 that allows unauthenticated attackers to forge admin credentials. This provides full remote command execution (RCE) on the host machine. All users should upgrade to version 0.29.3 immediately.

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-798

EPSS

Probability of exploitation (next 30 days): 0.0007 (0.1%)
Percentile: 20.7%
EPSS: 2026-06-01

Technical description

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

Published: 5/29/2026, 6:17:11 PM
Last modified: 6/1/2026, 5:17:10 PM

References

HomeEventsBlogResourcesTeam