myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.
CVSS
No CVSS.
References
Configurations
No configuration.
History
04 Jul 2026, 12:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-04 12:16
Updated : 2026-07-06 19:43
NVD link : CVE-2026-12195
Mitre link : CVE-2026-12195
CVE.ORG link : CVE-2026-12195
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
