Skip to main content

EUVDEUVD-2026-41671

| CVE-2026-12196 HIGH
Improper Authentication (CWE-287)
2026-07-04 ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a GHSA-w5xj-cqgx-j5qj
8.3
CVSS 4.0 · Vendor: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a
Share

Severity by source

Vendor (ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a) PRIMARY
8.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a) · only source for this CVE.

CVSS VectorVendor: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 04, 2026 - 13:01 EUVD
Analysis Generated
Jul 04, 2026 - 12:31 vuln.today

DescriptionCVE.org

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.

AnalysisAI

Privilege escalation and remote code execution in the HestiaCP control panel allows an authenticated low-privilege user to abuse the panel's cronjob feature, which invokes HestiaCP management scripts via passwordless sudo, to run arbitrary commands and seize administrator accounts and the underlying webserver. Because the cronjob editor lets an ordinary panel user schedule execution of privileged v-scripts, the flaw yields a straight path from a normal hosting account to full host compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

24 hours: Verify HestiaCP deployment status across all systems; disable the cronjob feature or restrict scheduler access to administrators only; enable comprehensive audit logging for sudo invocations and cronjob actions; search access logs for exploitation indicators (non-admin cronjob scheduling, unexpected privilege escalation). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41671 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy