What is CVE-2026-41473?

CVE-2026-41473 is a critical-severity vulnerability in Cyberpanel, classified under Missing Authentication for Critical Function. CVSS score: 9.1/10. Published 2026-04-24.

How severe is CVE-2026-41473?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Auth bypass in Cyberpanel

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/a…

Vulnerability class: Broken Authentication

EPSS: 0.010 (77.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Cyberpanel
Usmannasir Cyberpanel — versions 0, 0a099b1b193946555fbdd387a28486b1521f9961

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

disclosure@vulncheck.com (Exploit, technical-description, Third Party Advisory, exploit, Mitigation)
disclosure@vulncheck.com (Patch, patch)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-41473?: CVE-2026-41473 is a critical-severity vulnerability in Cyberpanel, classified under Missing Authentication for Critical Function. CVSS score: 9.1/10. Published 2026-04-24.
How severe is CVE-2026-41473?: Critical severity. CVSS v3 base score is 9.1 out of 10.