PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54636 dokku CVE debrief

CVE-2026-54636 is a critical vulnerability in Dokku, a Docker-powered PaaS. Prior to version 0.38.7, the cron plugin is susceptible to a container breakout vulnerability. An app.json cron command using special shell characters, such as > or ;, can execute commands on the host as the Dokku user. This issue is fixed in Dokku version 0.38.7. The vulnerability has a CVSS score of 9 and is considered CRITICAL. Dokku users should update to version 0.38.7 or later to mitigate this vulnerability.

Vendor
dokku
Product
Unknown
CVSS
CRITICAL 9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-26
Original CVE updated
2026-06-29
Advisory published
2026-06-26
Advisory updated
2026-06-29

Who should care

Dokku users and administrators should be aware of this vulnerability and take immediate action to update to version 0.38.7 or later. This vulnerability can allow an attacker to execute commands on the host as the Dokku user, potentially leading to further exploitation.

Technical summary

The Dokku cron plugin, prior to version 0.38.7, uses the cron commands declared in an app's app.json file to manage the system cron running as the Dokku user. An app.json cron command using special shell characters, such as > or ;, can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is due to insufficient input validation and sanitization of the cron commands. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Defensive priority

High priority should be given to updating Dokku to version 0.38.7 or later. Additionally, users should review their app.json files for any suspicious cron commands and ensure that input validation and sanitization are properly implemented.

Recommended defensive actions

  • Update Dokku to version 0.38.7 or later
  • Review app.json files for suspicious cron commands
  • Implement input validation and sanitization for cron commands
  • Monitor system logs for potential exploitation attempts
  • Consider implementing additional security controls, such as restricting access to Dokku and monitoring user activity
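An added example of the app.json review step above (not Dokku's own code): it parses an app.json, walks the cron entries and flags any command containing shell metacharacters that a host cron shell would interpret, so such entries can be rejected or reviewed before deployment. It assumes the app.json cron layout is a list of objects with "command" and "schedule" keys; the sample file is constructed.

```python
import json
import re

# Characters a host shell interprets rather than passing through to the
# containerized command: command separators, redirections, pipes,
# substitution and grouping. The page names ';' and '>' explicitly; the
# rest are the usual companions a reviewer would also want flagged.
SHELL_METACHARACTERS = re.compile(r"[;&|<>`$(){}\n\r]")

# Constructed sample app.json (assumed Dokku cron layout).
SAMPLE_APP_JSON = """
{
  "cron": [
    {"command": "bin/rails runner Cleanup.call", "schedule": "0 3 * * *"},
    {"command": "bin/rails runner Report.call > /tmp/report.log", "schedule": "0 4 * * *"},
    {"command": "bin/rails runner Sync.call; bin/rails runner Notify.call", "schedule": "*/15 * * * *"}
  ]
}
"""


def find_suspicious_cron_commands(app_json_text):
    """Return a list of findings for cron commands containing shell metacharacters.

    Each finding records the entry index, the offending command and the
    sorted set of metacharacters found, so a reviewer can see why it was flagged.
    """
    data = json.loads(app_json_text)
    findings = []
    for idx, entry in enumerate(data.get("cron", []) or []):
        if not isinstance(entry, dict):
            continue
        command = str(entry.get("command", ""))
        chars = sorted(set(SHELL_METACHARACTERS.findall(command)))
        if chars:
            findings.append({"index": idx, "command": command, "chars": chars})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_cron_commands(SAMPLE_APP_JSON):
        print(f"cron[{finding['index']}]: {finding['chars']} in {finding['command']!r}")
```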

Evidence notes

The CVE-2026-54636 vulnerability was publicly disclosed on June 26, 2026, and has since been updated on June 29, 2026. The vulnerability has a CVSS score of 9 and is considered CRITICAL. The NVD provides additional information on the vulnerability, including the CVSS vector and CPE criteria.

Official resources

This article is AI-assisted and based on the supplied source corpus.