CRITICAL
Dokploy
CVE published 2026-05-18
CVE-2026-27130
CVE-2026-27130 is a critical command injection flaw in Dokploy affecting versions 0.26.6 and below. User-controlled application names can pass through weak sanitization, bypass missing schema validation, and reach shell commands through direct interpolation. In practice, an authenticated attacker who controls appName during application creation may be able to trigger server-side command execution when ser [truncated]