CVE-2026-35175

UNKNOWN 0.0

Ajenti has an authorization bypass during custom package installation

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

19th

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.

CWE	CWE-862
Vendor	ajenti
Product	ajenti
Published	Apr 6, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for ajenti ajenti

Be the first to know when new unknown vulnerabilities affecting ajenti ajenti are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ajenti / ajenti

< 2.2.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2 github.com: https://github.com/ajenti/ajenti/releases/tag/v2.2.15