1panel-dev 1panel
16 CVEs affecting 1panel-dev 1panel. Latest disclosed: 2026-01-18. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-39911 | Critical | 10.0 | 2024-07-18 | 1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addresse… |
| CVE-2024-39907 | Critical | 9.8 | 2024-07-18 | 1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to a… |
| CVE-2025-54424 | High | 8.1 | 2025-08-01 | 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTP… |
| CVE-2025-66507 | High | 7.5 | 2025-12-09 | 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA v… |
| CVE-2023-39966 | High | 7.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct… |
| CVE-2023-39964 | High | 7.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary im… |
| CVE-2023-37477 | High | 7.2 | 2023-07-18 | 1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality… |
| CVE-2025-66508 | Medium | 6.5 | 2025-12-09 | 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP ad… |
| CVE-2024-34352 | Medium | 6.5 | 2024-05-09 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and… |
| CVE-2024-24768 | Medium | 6.5 | 2024-02-05 | 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword… |
| CVE-2023-39965 | Medium | 6.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files throug… |
| CVE-2026-23525 | Medium | 6.4 | 2026-01-18 | 1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store… |
| CVE-2024-27288 | Medium | 6.3 | 2024-03-06 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access… |
| CVE-2023-36457 | Medium | 6.3 | 2023-07-05 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious paylo… |
| CVE-2023-36458 | Medium | 6.3 | 2023-07-05 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious paylo… |
| CVE-2024-30257 | Low | 3.9 | 2024-04-18 | 1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac… |