PT-2026-55695 · Hestiacp · Hestiacp

Prjblk · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-12196

CVSS v4.0: 8.3 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

HestiaCP (affected versions not specified)

Description

The panel cronjob feature contains a broken access control flaw. This allows users with low privileges to modify the panel cronjob to execute HestiaCP management scripts using passwordless sudo, which can lead to the takeover of administrator accounts within the application and the underlying webserver.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-12196

Affected Products

Hestiacp