Auth bypass in Hestiacp

CVE-2026-12196

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover…

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References