Executive Summary

CVE-2026-45662 is a command injection vulnerability in Dokploy's registry deletion functionality. It occurs because the deleteRegistry function executes the command `docker logout ${response.registryUrl}` without properly escaping the registryUrl value.

While the docker login command in the same code correctly uses a shell escaping function to prevent command injection, the docker logout command does not, allowing an attacker to inject malicious shell commands.

An attacker with registry management permissions can create a registry with a specially crafted registryUrl containing shell metacharacters (like semicolons or pipes). When this registry is deleted, the injected commands are executed on the server.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to remote code execution (RCE) on the Dokploy host, allowing an attacker to run arbitrary commands on the server.

The impact includes potential full server compromise, lateral movement to other systems, and unauthorized access to the Docker daemon, which could enable container escape.

Because of these risks, the vulnerability has a high severity score of 8.8 (CVSS v3.1), reflecting its high impact on confidentiality, integrity, and availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unusual or suspicious command executions related to the docker logout command that includes unexpected special characters or command injection patterns in the registryUrl parameter.

Since the vulnerability involves command injection via the registryUrl during the deletion of a registry, you can look for commands executed on the host that include docker logout followed by suspicious strings containing shell metacharacters such as semicolons (;), pipes (|), or command substitutions.

Suggested commands to detect potential exploitation attempts include:

• Check process execution logs or audit logs for docker logout commands with unusual arguments: `grep -E 'docker logout.*[;|$()]' /var/log/audit/audit.log`
• Use system auditing tools like auditd to monitor execution of docker logout commands and alert on suspicious parameters.
• Inspect Dokploy application logs for registry deletion requests containing registryUrl values with special shell characters.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include preventing the execution of unescaped shell commands with user-controlled input in the Dokploy application.

Specifically, ensure that the docker logout command in the deleteRegistry function uses proper shell escaping, similar to the docker login command, by applying the shEscape() function to the registryUrl parameter.

Additional steps include:

• Restrict registryUrl input validation to disallow special shell characters that can be used for command injection.
• Limit registry management permissions to trusted users only, as exploitation requires authenticated access with these permissions.
• Monitor and audit registry deletion operations for suspicious activity.
• Apply any available patches or updates from Dokploy that address this vulnerability.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote code execution on the Dokploy host, potentially leading to full server compromise, lateral movement to other systems, and access to the Docker daemon for container escape.

Such a compromise can result in unauthorized access, modification, or destruction of sensitive data, which may violate data protection requirements under common standards and regulations like GDPR and HIPAA.

Therefore, this vulnerability poses a significant risk to maintaining compliance with these regulations, as it threatens confidentiality, integrity, and availability of data.

Useful 0 Not Useful 0