{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:37:40.260","vulnerabilities":[{"cve":{"id":"CVE-2026-24840","sourceIdentifier":"security-advisories@github.com","published":"2026-01-28T01:16:14.647","lastModified":"2026-02-04T17:55:14.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue."},{"lang":"es","value":"Dokploy es una Plataforma como Servicio (PaaS) gratuita y autoalojable. En versiones anteriores a la 0.26.6, una credencial codificada en el script de instalación proporcionado (ubicado en HTTPS://dokploy.com/install.sh, línea 154) utiliza una contraseña codificada al crear el contenedor de la base de datos. Esto significa que casi todas las instalaciones de Dokploy utilizan las mismas credenciales de la base de datos y podrían verse comprometidas. La versión 0.26.6 contiene un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dokploy:dokploy:*:*:*:*:*:*:*:*","versionEndExcluding":"0.26.6","matchCriteriaId":"D811B470-39CF-4FCD-A0A6-77EBBE229498"}]}]}],"references":[{"url":"https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}