PT-2026-35084 · Unknown · Cyberpanel

Djibril Mounkoro · Published 2026-04-24 · Updated 2026-05-21 · CVE-2026-41473

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CyberPanel versions prior to 2.4.4

Description

An authentication bypass in the AI Scanner worker API endpoints allows unauthenticated remote attackers to write arbitrary data to the database. This is achieved by sending requests to the endpoints '/api/ai-scanner/status-webhook' and '/api/ai-scanner/callback'. Exploitation of this flaw can lead to denial of service through storage exhaustion, corruption of scan history records, and pollution of database fields with malicious data.

Recommendations

Update to version 2.4.4 or later.

Exploit · Fix · DoS · Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-41473

Affected Products

Cyberpanel