EUVD-2026-21577

| CVE-2026-40178 MEDIUM
2026-04-10 GitHub_M GHSA-8647-755q-fw9p
6.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch Released
Apr 11, 2026 - 02:30 nvd
Patch available
Analysis Generated
Apr 10, 2026 - 20:15 vuln.today
EUVD ID Assigned
Apr 10, 2026 - 20:15 euvd
EUVD-2026-21577
CVE Published
Apr 10, 2026 - 19:30 nvd
MEDIUM 6.9

Tags

Authentication Bypass Ajenti

Description

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.

Analysis

Remote authentication bypass in Ajenti prior to version 0.112 allows unauthenticated network attackers to circumvent two-factor authentication during a brief post-authentication window with high attack complexity. The vulnerability affects the core authentication mechanism in ajenti.plugin.core and permits attackers to gain high-confidence access to protected resources; the vendor released patched version 0.112 to resolve this issue.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

34
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +34
POC: 0

Share

EUVD-2026-21577 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy