PatchSiren

Ajenti CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review Ajenti CVE published 2026-07-06

CVE-2026-38979

CVE-2026-38979 is a clickjacking vulnerability in ajenti through v2.2.13, affecting the browser-facing login and administrative UI. The vulnerability is caused by the lack of anti-framing protections in the ajenti-core/aj/http.py file. The core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI start_response() without adding [truncated]