Ctrlpanel-gg Panel
7 CVEs affecting Ctrlpanel-gg Panel. Latest disclosed: 2026-05-19. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-34234 | Critical | 10.0 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerabl… |
CVE-2026-34241 | High | 8.7 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the tick… |
CVE-2026-34358 | High | 8.1 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin c… |
CVE-2025-25203 | High | 8.1 | 2025-02-11 | CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsControl… |
CVE-2026-34216 | Medium | 6.6 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified cla… |
CVE-2026-34233 | Medium | 6.5 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without aut… |
CVE-2026-34246 | Medium | 4.8 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability exists in t… |