CVE-2026-24840
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-02-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dokploy | dokploy | to 0.26.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a hardcoded credential in the installation script of Dokploy versions prior to 0.26.6. Specifically, the script uses a hardcoded password when creating the database container, meaning that nearly all Dokploy installations use the same database credentials. This uniformity in credentials can allow attackers to compromise the database.
How can this vulnerability impact me? :
Because nearly all Dokploy installations use the same hardcoded database credentials, an attacker could exploit this to gain unauthorized access to the database. This could lead to a full compromise of confidentiality, integrity, and availability of the data stored in the database.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Dokploy to version 0.26.6 or later, which contains a patch that removes the hardcoded database credentials vulnerability.