NVD HIGH: CVE-2026-45406 — Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin cop...
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution to execute arbitrary commands on
CVE-2026-45406