Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

Ver en NVD

Análisis

Dokploy, a self-hostable PaaS, contains a hardcoded secret in versions 0.27.0 through 0.29.2 that allows unauthenticated attackers to forge admin credentials. This provides full remote command execution (RCE) on the host machine. All users should upgrade to version 0.29.3 immediately.

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-798

EPSS

Probabilidad de explotación (próx. 30 días): 0.0007 (0.1%)
Percentil: 20.7%
EPSS: 2026-06-01

Descripción técnica

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

Publicada: 29/5/2026, 18:17:11
Última modificación: 1/6/2026, 17:17:10

Referencias

InicioEventosBlogRecursosEquipo