PT-2025-31703 · 1Panel · 1Panel

Lizicoco · Published 2025-08-01 · Updated 2025-08-02 · CVE-2025-54424

CVSS v3.1: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

1Panel versions 2.0.5 and below

Description:

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. The HTTPS connection used for communication between the Core and Agent endpoints performs incomplete certificate verification, which allows unauthorized access to interfaces. Because 1Panel exposes numerous command-execution and high-privilege interfaces, this can result in Remote Code Execution (RCE).

Recommendations:

Update to version 2.0.6 or later.

Fix

RCE

Command Injection

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2025-54424
GHSA-8J63-96WH-WH3J

Affected Products

1Panel