PT-2026-5044 · Dokploy · Dokploy

Agenthits · Published 2026-01-28 · Updated 2026-01-28 · CVE-2026-24839

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6

Description: Dokploy is a self-hostable Platform as a Service (PaaS). The web interface is susceptible to Clickjacking attacks because of missing frame-busting headers. This allows attackers to embed Dokploy pages within malicious iframes, potentially deceiving authenticated users into performing actions they did not intend.

Recommendations: Update to version 0.26.6 or later.

Exploit

Fix

Clickjacking

Weakness Enumeration

Related identifiers

CVE-2026-24839
GHSA-C94J-8WGF-2Q9Q

Affected products

Dokploy