PT-2026-30020 · Pypi · Ajenti-Panel
Published
2026-04-03
·
Updated
2026-04-03
·
CVE-2026-35175
CVSS v4.0
7.2
High
| AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L |
Impact
An authenticated user (using the
auth users plugin authentication method) could install a custom package even if this user is not superuser.Patches
This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ajenti-Panel