ZCyberNews

CVE-2026-45408: Shell Injection in Dokku PaaS Lets Authenticated

CVE-2026-45408 (CVSS 9.0) in Dokku <0.38.2 lets authenticated users inject shell commands via crafted app names in git push operations. No public exploit yet.

Executive Summary

A critical shell injection vulnerability in Dokku, the open-source Docker-powered Platform-as-a-Service (PaaS), allows authenticated users to execute arbitrary commands on the host system by pushing to a git remote with a crafted app name. Tracked as CVE-2026-45408 and assigned a CVSS score of 9.0 (critical), the flaw affects all Dokku versions prior to 0.38.2. The vulnerability stems from insufficient sanitization of app names in a git pre-receive hook script, where user-supplied input is embedded unquoted into a bash heredoc. Defenders running Dokku in multi-tenant environments should treat this as a full host compromise risk and prioritize upgrading to version 0.38.2.

Technical Analysis

According to the advisory published by the Dokku maintainers and the associated pull request (PR #8590), the root cause lies in the app name validation regex used by Dokku: ^[a-z0-9][^/:_A-Z]*$. While this regex restricts certain characters, it permits shell metacharacters such as backticks, dollar signs, and semicolons. When an authenticated user initiates a git push to a remote whose name contains these characters, Dokku's fn-git-create-hook() function (defined in plugins/git/internal-functions at line 378) embeds the app name directly into a bash pre-receive hook script.

The critical error is the use of an unquoted heredoc delimiter (<<EOF instead of <<'EOF'). In bash, an unquoted heredoc delimiter causes the shell to expand variables and perform command substitution within the heredoc body. Because the app name is interpolated into the script before the heredoc is evaluated, an attacker can craft an app name containing shell metacharacters that break out of the intended variable assignment and execute arbitrary commands on the Dokku host.

For example, an app name such as test$(id) or test;id would cause the shell to execute the id command during the git push operation. The attacker must already have authenticated access to a Dokku instance and be able to create or push to a git remote — a standard capability for any Dokku user. The vulnerability does not require prior shell access to the host.

The pull request that fixes the issue was merged into the Dokku codebase on an undisclosed date prior to the 0.38.2 release. The fix changes the heredoc delimiter from unquoted to single-quoted (<<'EOF'), which prevents shell expansion within the heredoc body. Additionally, the app name validation regex was tightened to reject shell metacharacters outright.

At the time of writing, no public proof-of-concept exploit code has been released, and there are no reports of active exploitation in the wild. However, given the low complexity of the attack — requiring only a crafted git push — defenders should expect weaponization shortly after public disclosure.

Mitigations & Recommendations

The sole complete mitigation is upgrading Dokku to version 0.38.2 or later. The fix is backward-compatible and does not require configuration changes. Organizations running Dokku in multi-tenant environments — where authenticated users may not be fully trusted — should treat this upgrade as urgent. For environments where immediate patching is not feasible, administrators should audit all current app names for shell metacharacters and restrict git push access to trusted users only. Network-level isolation of the Dokku host from untrusted networks can reduce the blast radius of a successful exploit, but does not prevent exploitation by authenticated users.
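The two defensive checks this write-up points to, as an added example that is not Dokku's own code: an audit of existing app names that flags anything the permissive regex quoted above would accept but a strict allowlist rejects, and a hook generator that uses a quoted heredoc delimiter and places the app name in the script as a shell-quoted literal. The strict allowlist regex and the hook body are assumptions, since the article does not quote the exact tightened regex or the hook contents.

```shell
#!/bin/sh
# Added example, not Dokku's code: audit app names for shell metacharacters and
# show a hook generator that keeps user input out of an unquoted heredoc.
export LC_ALL=C   # keep [A-Z] meaning ASCII uppercase in the regexes below

# The permissive regex the article quotes from Dokku (< 0.38.2).
ORIGINAL_APP_RE='^[a-z0-9][^/:_A-Z]*$'
# Assumed strict allowlist (lowercase alphanumerics, dot, hyphen); the exact
# tightened regex shipped in 0.38.2 is not quoted in the article.
STRICT_APP_RE='^[a-z0-9][a-z0-9.-]*$'

# app_name_matches NAME REGEX: exit 0 when NAME matches REGEX.
app_name_matches() {
  printf '%s\n' "$1" | grep -Eq "$2"
}

# count_suspicious NAME...: print how many names pass the old regex but
# fail the strict one, i.e. names that would reach the hook carrying
# characters such as $, (, ), ;, or backticks.
count_suspicious() {
  n=0
  for name in "$@"; do
    if app_name_matches "$name" "$ORIGINAL_APP_RE" &&
       ! app_name_matches "$name" "$STRICT_APP_RE"; then
      n=$((n + 1))
    fi
  done
  printf '%s\n' "$n"
}

# shell_quote STR: wrap STR in single quotes, escaping embedded quotes,
# so it can be placed in generated script text without being interpreted.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# generate_hook APP_NAME: emit a pre-receive hook body. The name is assigned
# outside the heredoc as a quoted literal, and the heredoc delimiter is
# quoted ('EOF') so nothing in the body expands at generation time.
generate_hook() {
  printf 'APP=%s\n' "$(shell_quote "$1")"
  cat <<'EOF'
echo "pre-receive for app: $APP"
EOF
}
```

Running the generated hook through `sh` prints the app name verbatim, even for a name such as `test$(id)`, because the value reaches the hook as a quoted literal rather than as script text.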
