{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24840", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-27T14:51:03.059Z", "datePublished": "2026-01-28T00:15:57.299Z", "dateUpdated": "2026-01-28T15:01:06.280Z"}, "containers": {"cna": {"title": "Dokploy uses hardcoded credentials in installation script, which could result in database access", "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "lang": "en", "description": "CWE-798: Use of Hard-coded Credentials", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc"}, {"name": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d", "tags": ["x_refsource_MISC"], "url": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d"}], "affected": [{"vendor": "Dokploy", "product": "dokploy", "versions": [{"version": "< 0.26.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-28T00:15:57.299Z"}, "descriptions": [{"lang": "en", "value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue."}], "source": {"advisory": "GHSA-jr65-3j3w-gjmc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T15:00:24.223741Z", "id": "CVE-2026-24840", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T15:01:06.280Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24840", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T15:00:24.223741Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T15:01:01.224Z"}}], "cna": {"title": "Dokploy uses hardcoded credentials in installation script, which could result in database access", "source": {"advisory": "GHSA-jr65-3j3w-gjmc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Dokploy", "product": "dokploy", "versions": [{"status": "affected", "version": "< 0.26.6"}]}], "references": [{"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc", "name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d", "name": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-28T00:15:57.299Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24840", "state": "PUBLISHED", "dateUpdated": "2026-01-28T15:01:06.280Z", "dateReserved": "2026-01-27T14:51:03.059Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-28T00:15:57.299Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dokploy:dokploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D811B470-39CF-4FCD-A0A6-77EBBE229498", "versionEndExcluding": "0.26.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue."}], "id": "CVE-2026-24840", "lastModified": "2026-02-04T17:55:14.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-28T01:16:14.647", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:49:17.911182+00:00", "value": {"mitigation_remediation": ["Upgrade to Dokploy 0.26.6 or a newer version where the hardcoded credential has been removed.", "If upgrading is not immediately possible, edit the install.sh script to replace the hardcoded password with a unique, random password before the database container is created.", "After deployment, change the database password to a strong, non\u2011predictable value, revoke any default credentials, and enforce a password rotation policy."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized database access through hardcoded credentials"}, "threat_synthesis": {"affected_systems": "The affected vendor is Dokploy, and the product is Dokploy itself. Any instance running a build before version 0.26.6 deploys the vulnerable script. Version 0.26.6 and later contain a patch that removes the hard\u2011coded password.", "description_and_impact": "Dokploy versions prior to 0.26.6 include a hardcoded password in the installation script, meaning that during deployment almost all instances use the same database credentials. This flaw allows an attacker who can influence the installation process or obtain the installation script to learn valid database credentials and potentially read, modify, or delete data stored in the database. The vulnerability is classified as CWE\u2011798, a use of hard\u2011coded credentials, and has a CVSS score of 8, signifying a high impact if exploited.", "risk_and_exploitability": "The CVSS score of 8 indicates that an attacker who can exploit this flaw would face significant risk. However, the EPSS score of less than 1% suggests that exploitation attempts are rare, and at this time the vulnerability has not been listed in the CISA KEV catalog. The most likely attack vector is local or administrative, where an attacker can modify or replace the installation script, or compromise a system during the initial deployment. Once the credentials are known, an attacker can gain full access to the database, compromising confidentiality, integrity, and availability of any data managed by Dokploy."}}}}, "created": "2026-01-28T12:21:43.739177+00:00", "updated": "2026-04-18T02:00:10.460858+00:00", "vendors": ["dokploy", "dokploy$PRODUCT$dokploy"]}