CyberRota
← Ana sayfaya dön

CVE-2026-45405

CRITICAL · CVSS 9 EPSS %0.29 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-26T17:16:33.007 · Çekilme zamanı: 2026-06-30T18:35:53.052141+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-45405
Severity
CRITICAL
CVSS
9
EPSS
%0.29
Docker

Orijinal NVD Açıklaması

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2.