CVE-2026-45661

Dokploy · PaaS

A path traversal vulnerability in Dokploy allows authenticated users to write arbitrary files to the host or remote servers during application deployment, leading to full system compromise.

Executive summary

A critical path traversal flaw in Dokploy allows authenticated users to overwrite files and execute arbitrary code on the host or remote servers.

Vulnerability

The vulnerability allows path traversal during application deployment. By crafting malicious deployment packages, an authenticated user can write files to sensitive locations, enabling persistent backdoors, cron job manipulation, and arbitrary remote code execution on both the local host and remote deployment targets.

Business impact

With a CVSS score of 9.9, this vulnerability is critical. It bypasses container isolation mechanisms, meaning even remote servers managed by Dokploy are at risk of total compromise. The ability to install backdoors and exfiltrate data represents a major threat to organizational infrastructure.

Remediation

Immediate Action: Update to the latest version of Dokploy (check the vendor advisory for available patches).

Proactive Monitoring: Monitor deployment logs for suspicious file paths and review server cron jobs for unauthorized entries or unexpected modifications.

Compensating Controls: Limit access to the deployment features and implement strict filesystem permissions to prevent unauthorized writes outside of expected application directories.
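The containment check behind these controls, as an added example (not Dokploy's code or its patch): a lexical audit of a deployment package's entry names that flags any name resolving outside the destination directory. The directory /srv/deploy/app-1, the function names and the sample listing are assumptions constructed for illustration.

```javascript
// Added example, not Dokploy code. Lexical check only: it inspects entry
// names and does not follow symlinks already present on disk.

// Constructed sample listing of a deployment package (hypothetical names).
const SAMPLE_ENTRIES = [
  "app/index.js",
  "app/./lib/util.js",
  "app/../package.json",       // stays inside after normalisation
  "../../outside/marker.txt",  // climbs above the destination
  "/tmp/absolute.txt",         // absolute path
  "..\\..\\outside.txt",       // backslash-separated traversal
];

// Return the path an entry would be written to, or null when the name is
// absolute, contains a NUL byte, or climbs out of destDir.
function resolveInside(destDir, entryName) {
  const name = entryName.replace(/\\/g, "/");
  if (name.startsWith("/") || /^[A-Za-z]:/.test(name) || name.includes("\0")) {
    return null;
  }
  const parts = [];
  for (const seg of name.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (parts.length === 0) return null; // would leave destDir
      parts.pop();
    } else {
      parts.push(seg);
    }
  }
  const root = destDir.replace(/\/+$/, "");
  return parts.length ? root + "/" + parts.join("/") : root || "/";
}

// Split a listing into entries safe to extract and entries to reject and log.
function auditPackage(destDir, entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    const target = resolveInside(destDir, name);
    if (target === null) rejected.push(name);
    else accepted.push({ name, target });
  }
  return { accepted, rejected };
}

console.log(auditPackage("/srv/deploy/app-1", SAMPLE_ENTRIES));
```

Rejected names are the "suspicious file paths" worth alerting on in deployment logs; a package with any rejected entry should be refused as a whole rather than partially extracted.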

Exploitation status

Public Exploit Available: None

Analyst recommendation

This vulnerability represents a significant risk to the entire managed infrastructure. Administrators must prioritize updating their Dokploy installation and auditing their deployment pipelines for any signs of unauthorized file modifications.