CVE-2026-41472

Name of the Vulnerable Software and Affected Versions CyberPanel versions prior to 2.4.4

Description A stored cross-site scripting issue exists in the AI Scanner dashboard. The endpoint '/api/ai-scanner/callback' does not require authentication, allowing unauthenticated attackers to inject malicious JavaScript by overwriting the findings json field of ScanHistory records. This script executes within an administrator's authenticated session upon visiting the AI Scanner dashboard, which can be used to issue same-origin requests to plant cron jobs and achieve remote code execution on the server.

Recommendations Update to version 2.4.4 or later.