HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.
CVSS
No CVSS.
References
Configurations
No configuration.
History
04 Jul 2026, 12:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-04 12:16
Updated : 2026-07-06 19:43
NVD link : CVE-2026-12196
Mitre link : CVE-2026-12196
CVE.ORG link : CVE-2026-12196
JSON object : View
Products Affected
No product.
CWE
CWE-287
Improper Authentication
