CVE-2026-45629

Dokploy · PaaS

An OS command injection vulnerability in the Dokploy /listen-deployment WebSocket endpoint allows authenticated users to execute arbitrary commands on remote servers.

Executive summary

An OS command injection flaw in the Dokploy WebSocket interface allows authenticated users to execute arbitrary code on managed remote servers.

Vulnerability

The /listen-deployment WebSocket endpoint does not properly sanitize user-supplied input before it is used to build an OS command, so the input can inject additional commands. Authenticated organization members can abuse this to execute commands on the remote servers managed by the Dokploy instance.

Business impact

This vulnerability carries a CVSS score of 9.9, reflecting the risk of full server compromise across the entire managed infrastructure. An attacker with standard user access can escalate to full control over remote servers, leading to lateral movement and widespread system disruption.

Remediation

Immediate Action: Update to the latest version of Dokploy.

Proactive Monitoring: Monitor WebSocket traffic for suspicious payloads and review remote server logs for unauthorized command execution.

Compensating Controls: Restrict access to the Dokploy management console to trusted personnel and implement network-level egress filtering on managed servers to block unauthorized outbound connections from injected processes.

Exploitation status

Public Exploit Available: None

Analyst recommendation

Organizations should update their Dokploy instance immediately. Given the potential for lateral movement, a thorough audit of all managed remote servers is recommended to ensure no unauthorized persistence has been established.