PT-2026-30020 · Ajenti · Auth Users Plugin+1
Thien225409
·
Published
2026-04-03
·
Updated
2026-04-06
·
CVE-2026-35175
CVSS v4.0
7.2
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
Ajenti versions prior to 2.2.15
Description
A user authenticated with the
auth users plugin could install a custom package even without superuser privileges.Recommendations
Upgrade to version 2.2.15.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ajenti
Auth Users Plugin