CVE-2026-12196

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.
CVSS

No CVSS.

Configurations

No configuration.

History

04 Jul 2026, 12:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 12:16

Updated : 2026-07-06 19:43


NVD link : CVE-2026-12196

Mitre link : CVE-2026-12196

CVE.ORG link : CVE-2026-12196


JSON object : View

Products Affected

No product.

CWE
CWE-287

Improper Authentication