PT-2026-26135 · Aapanel · Aapanel

Michal Biesiada

Publicado

2026-03-18

Atualizado

2026-03-19

CVE-2026-29859

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions aaPanel version 7.57.0

Description An arbitrary file upload issue exists in aaPanel version 7.57.0. This allows attackers to execute arbitrary code by uploading a specially crafted file. The vulnerability involves the ability to upload files without proper validation, potentially leading to code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-79CWE-94

Identificadores relacionados

CVE-2026-29859

Produtos afetados

Aapanel

PT-2026-26135 · Aapanel · Aapanel

CVE-2026-29859

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5