PatchSiren

dokku CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL dokku CVE published 2026-06-26

CVE-2026-54636

CVE-2026-54636 is a critical vulnerability in Dokku, a Docker-powered PaaS. Prior to version 0.38.7, the cron plugin is vulnerable to a container breakout: an app.json cron command containing special shell characters, such as > or ;, can execute commands on the host as the Dokku user. The issue is fixed in Dokku version 0.38.7. The vulnerability has a CVSS score of 9 and is rated CRITICAL. [truncated]