CVE-2026-40178

CVSS v4.0

6.9

Medium

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.

Fix

Race Condition

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-287

Related Identifiers

CVE-2026-40178

Affected Products

Ajenti

CVE-2026-40178

Weakness Enumeration

Related Identifiers

Affected Products

References · 2