PT-2026-32032 · Ajenti · Ajenti-Plugin-Core

Published: 2026-04-10 · Updated: 2026-04-10 · CVE-2026-40178

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions

ajenti.plugin.core versions prior to 0.112

Description

Prior to version 0.112, a timing issue allowed bypassing two-factor authentication (2FA) immediately after a user's successful authentication. This occurred during a brief window after authentication but before the 2FA mechanism was fully engaged.

Recommendations

Upgrade to version 0.112.

Fix

Improper Authentication

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2026-40178
GHSA-8647-755Q-FW9P

Affected Products

Ajenti-Plugin-Core