CVE-2026-27130 | dokploy up to 0.26.6 execAsync appName os command injection (GHSA-fcgq-jjfg-hrhj)

A vulnerability was found in dokploy up to 0.26.6. It has been declared as critical. This vulnerability affects the function execAsync. Executing a manipulation of the argument appName can lead to os command injection.

This vulnerability is registered as CVE-2026-27130. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More