What is the CVSS score of CVE-2026-24841?

CVE-2026-24841 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L. EPSS exploitation probability: 0.1%.

Which versions of Docker are affected by CVE-2026-24841?

Dokploy instances running versions prior to 0.26.6 are vulnerable to remote command injection through the WebSocket terminal endpoint, allowing unauthenticated attackers to execute arbitrary commands…. A patch is available.

Is there a public PoC exploit available for CVE-2026-24841?

Yes, a public proof-of-concept exploit is available for CVE-2026-24841. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-24841?

Within 24 hours: Identify all Dokploy deployments and their versions; isolate affected instances from production networks if upgrade cannot be completed immediately. Within 7 days: Upgrade all Dokploy instances to version 0.26.6 or later; verify patch application and restart services. Within 30 days: Conduct forensic analysis of affected systems for unauthorized access or command execution; review access logs and audit trails for exploitation attempts; implement network monitoring for WebSocket endpoint anomalies.

Docker CVE-2026-24841

CRITICAL

OS Command Injection (CWE-78)

2026-01-28 security-advisories@github.com

Docker Command Injection Dokploy

9.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 17:37 vuln.today

Public exploit code

Patch released

Feb 04, 2026 - 17:37 nvd

Patch available

CVE Published

Jan 28, 2026 - 01:16 nvd

CRITICAL 9.9

DescriptionGitHub Advisory

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint /docker-container-terminal. The containerId and activeWay parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.

AnalysisAI

Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Dokploy instance

Exploit

Connect to WebSocket endpoint /docker-container-terminal

Execution

Inject shell metacharacters in containerId parameter

Impact

Execute arbitrary commands on host server

Access

Authenticate to Dokploy instance

Exploit

Connect to WebSocket endpoint /docker-container-terminal

Execution

Inject shell metacharacters in containerId parameter

Impact

Execute arbitrary commands on host server

Vulnerability AssessmentAI

Exploitation	Authenticated user account on Dokploy instance prior to version 0.26.6 with access to WebSocket endpoint /docker-container-terminal. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.9 with PoC and patch. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated Dokploy user injects OS commands through the deployment interface that escape the container context and execute on the host, gaining access to all containers, volumes, and the Docker socket.
Remediation	Update to Dokploy 0.26.6 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Dokploy deployments and their versions; isolate affected instances from production networks if upgrade cannot be completed immediately. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-47172 CRITICAL Act Now

9.5 Jun 11

Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote

CVE-2026-47174 CRITICAL Act Now

9.5 Jun 11

Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as t

CVE-2026-53755 HIGH This Week

8.6 Jun 16

Server-side request forgery in Crawl4AI's Docker API server (versions <= 0.8.8) allows unauthenticated remote attackers

CVE-2026-24841 vulnerability details – vuln.today

Back