Review
Ajenti
CVE published 2026-07-06
CVE-2026-38979
CVE-2026-38979 is a clickjacking vulnerability in ajenti through v2.2.13, affecting the browser-facing login and administrative UI. The vulnerability is caused by the lack of anti-framing protections in the ajenti-core/aj/http.py file. The core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI start_response() without adding [truncated]