CVE-2026-45631EPSS p28.4%

CVE-2026-45631CVE-2026-45631

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the built-in SSH terminal. This vulnerability is fixed in 0.29.3.

Scoring

CVSS 10.0 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.37% probability of exploitation · percentile 28.4% · 2026-06-18T12:00:27Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45629
CVE
CVE-2026-24840
CVE
CVE-2026-45632
CVE
CVE-2026-45661
CVE
CVE-2026-24841
CVE
CVE-2026-45662
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.