CVE-2026-24839

Medium CVSS: 4.7

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.

Vendor

Dokploy

Product

Dokploy

CWE

CWE-1021

Yayın Tarihi

2026-01-28 01:16:14

Güncelleme

2026-02-04 17:58:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-1021 Dokploy MEDIUM Dokploy 2026

Referanslar

https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8 https://github.com/Dokploy/dokploy/pull/3500 https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q

Benzer Kayıtlar

High

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in th…

Critical

CVE-2026-24841

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection…

Critical

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deplo…

Low

CVE-2025-53374

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications an…

Medium

CVE-2025-53375

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications an…

Medium

CVE-2025-53376

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications an…