๐Ÿ” CVE Alert

CVE-2026-12196

UNKNOWN 0.0

HestiaCP Admin Takeover

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

The HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low-privilege users can modify the panel cronjob to execute HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.

CWE CWE-287
Vendor hestiacp
Product hestiacp
Published Jul 4, 2026

Affected Versions

hestiacp / hestiacp
0 < 8be23943c7e3231f66d226ca931c76f93be98412

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/hestiacp/hestiacp/pull/5440
projectblack.io: https://projectblack.io/blog/hestiacp-admin-takeover-rce/