CVE-2026-24839
MEDIUM 4.7
Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
CVE Details
CVSS v3.1 score: 4.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 1/28/2026
Last modified: 2/4/2026
Source: nvd
Honeypot sightings: 0
Affected products
dokploy:dokploy
Weaknesses (CWE)
CWE-1021
References
https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8 (security-advisories@github.com)
https://github.com/Dokploy/dokploy/pull/3500 (security-advisories@github.com)
https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.