Auth bypass in Ajenti

CVE-2026-40178

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This…

Vulnerability class: Broken Authentication

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.