Auth bypass in Hestiacp
CVE-2026-12196
The HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low-privileged users can modify the panel cronjob to execute HestiaCP management scripts with passwordless sudo. This could result in the takeover…
Vulnerability class: Broken Authentication
Affected products
- Hestiacp — versions 0
Weakness classification (CWE)
References
- ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (patch)
- ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (exploit)