Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
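A defender can confirm whether a deployment's responses restrict framing by inspecting the two headers browsers honor for this purpose, `X-Frame-Options` and the CSP `frame-ancestors` directive. The following is an added example, not code from Dokploy or its patch; the function names and sample responses are constructed, and it assumes each header appears once per response.

```python
# Added example: classify whether an HTTP response can be embedded in a frame.
# Inputs are header dicts (one value per header name, an assumption).

def csp_frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]  # first occurrence wins
    return None

def framing_policy(headers):
    """Return 'blocked', 'same-origin', 'restricted' or 'frameable'."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing CSP header counts; the -Report-Only variant blocks nothing.
    ancestors = csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # When frame-ancestors is present, browsers apply it instead of X-Frame-Options.
        if ancestors == ["'none'"]:
            return "blocked"
        if ancestors == ["'self'"]:
            return "same-origin"
        if any(src in ("*", "https:", "http:") for src in ancestors):
            return "frameable"  # wildcard or bare scheme admits any origin
        return "restricted"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "blocked"
    if xfo == "sameorigin":
        return "same-origin"
    # Header missing, or a value current browsers ignore (e.g. ALLOW-FROM).
    return "frameable"

# Constructed sample responses, not captured from a real Dokploy instance.
SAMPLES = {
    "no framing headers": {"Content-Type": "text/html"},
    "XFO deny": {"X-Frame-Options": "DENY"},
    "CSP none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "report-only CSP": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {framing_policy(hdrs)}")
```

A result of `frameable` on an authenticated page is the condition this advisory describes.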
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokploy | Dokploy | < 0.26.6 |
Related Weaknesses (CWE)
References
- https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699d (Patch)
- https://github.com/Dokploy/dokploy/pull/3500 (Issue Tracking)
- https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-24839?
CVE-2026-24839 is a vulnerability with a CVSS score of 4.7 (MEDIUM).
How severe is CVE-2026-24839?
CVE-2026-24839 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-24839?
Version 0.26.6 patches the issue. Check the references section above for vendor advisories and patch information. Affected products include: Dokploy (vendor: Dokploy), versions before 0.26.6.