Clickjacking Vulnerability in Dokploy Platform by Dokploy
CVE-2026-24839

4.7MEDIUM

Key Information:

Vendor

Dokploy

Status
Dokploy
Vendor
CVE Published:
28 January 2026

What is CVE-2026-24839?

Dokploy, a self-hostable Platform as a Service (PaaS), is susceptible to Clickjacking attacks in versions prior to 0.26.6. This vulnerability arises from the absence of frame-busting headers, which permits malicious users to embed Dokploy's web interface within harmful iframes. This can lead to unintentional actions taken by authenticated users, posing significant security risks. To mitigate this threat, it is essential for users to update to version 0.26.6 or later.

Affected Version(s)

dokploy < 0.26.6

References

https://github.com/Dokploy/dokploy/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/Dokploy/dokploy/pull/3500
x_refsource_MISC
https://github.com/Dokploy/dokploy/commit/9714695d5a78fe2...
x_refsource_MISC

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.