CVE-2026-24839
MEDIUM 4.7
Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
CVE details
CVSS v3.1 score: 4.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 1/28/2026
Last modified: 2/4/2026
Source: nvd
Honeypot sightings: 0
Affected products
dokploy:dokploy
Weaknesses (CWE)
CWE-1021
References
https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8 (security-advisories@github.com)
https://github.com/Dokploy/dokploy/pull/3500 (security-advisories@github.com)
https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.