CVE-2026-45407

🔶 medium

Summary

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory. This vulnerability is fixed in 0.38.2.

CVSS Score

5.0

Medium

EPSS Score

Published Date

2026-06-26

First Seen: 2026-06-27

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.2% of all 330,193 vulnerabilities in our database.

#266,649

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jun 26, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-26

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-522

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
dokku	dokku	Affected	< 0.38.2

🔗 References 2

https://github.com/dokku/dokku/pull/8589

Issue Tracking Patch

https://github.com/dokku/dokku/security/advisories/G...

Vendor Advisory

🔗 Related CVEs 4

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-45405	⛔ critical	9.0	-	Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/z...	2026-06-26
CVE-2026-45406	⛔ critical	9.0	-	Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-i...	2026-06-26
CVE-2026-45408	⛔ critical	9.0	-	Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell meta...	2026-06-26
CVE-2026-54636	⛔ critical	9.0	-	Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system...	2026-06-26

These CVEs affect the same products