CVE-2026-12196
HestiaCP Admin Takeover
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low-privilege users can modify the panel cronjob to execute HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.
| CWE | CWE-287 |
| Vendor | hestiacp |
| Product | hestiacp |
| Published | Jul 4, 2026 |
Affected Versions
hestiacp / hestiacp
0 < 8be23943c7e3231f66d226ca931c76f93be98412