CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

CVE-2026-45405

Dokku before 0.38.2 is affected by a file-write vulnerability in tar extraction during git:from-archive and certs:add. User-supplied tar/zip archives are extracted into temporary directories without sanitizing member paths or preventing symlink traversal; GNU tar can create and follow symlinks, e...