PT-2026-55693 · Myvesta · Vesta
Eddie Zhang
·
Published
2026-07-04
·
Updated
2026-07-04
·
CVE-2026-12195
CVSS v4.0
8.5
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H |
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v ftp user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vesta