PT-2026-5044 · Dokploy · Dokploy
Agenthits
·
Published
2026-01-28
·
Updated
2026-01-28
·
CVE-2026-24839
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Dokploy versions prior to 0.26.6
Description
Dokploy is a self-hostable Platform as a Service (PaaS). The web interface is susceptible to Clickjacking attacks because of missing frame-busting headers. This allows attackers to embed Dokploy pages within malicious iframes, potentially deceiving authenticated users into performing actions they did not intend.
Recommendations
Update to version 0.26.6 or later.
Exploit
Fix
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dokploy