PT-2026-55695 · Hestiacp · Hestiacp
Prjblk · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-12196
CVSS v4.0: 8.3 High
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
HestiaCP (affected versions not specified)
Description
The panel cronjob feature contains a broken access control flaw. This allows users with low privileges to modify the panel cronjob to execute HestiaCP management scripts using passwordless sudo, which can lead to the takeover of administrator accounts within the application and the underlying webserver.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Affected Products
Hestiacp