216.73.217.172

CVE-2026-12196

· Published 04/07/2026 14:16 · Author: The MITRE Corporation

Labels: CVE-2026-12196

Essential information

Published
04/07/2026 14:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.3 HIGH (v4.0)
CISA KEV
No
CWE
CWE-287
CVSS vector

CVSS metrics

Description

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.

NVD status

NVD
View on NVD