CVE-2022-26252

MEDIUM

aaPanel 6.8.21 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26252. PoCs published by Ghuliev.

AI-analyzed exploit summary: This exploit demonstrates an authenticated directory traversal vulnerability in aaPanel 6.8.21, allowing an attacker to read arbitrary files such as the root user's private SSH key by manipulating the installation script path in an AJAX request.

Description

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa).

Exploits (1)

exploitdb WORKING POC
by Ghuliev · text · webapps · linux
https://www.exploit-db.com/exploits/50780

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: aaPanel 6.8.21
Auth required
Prerequisites: Authenticated access to the aaPanel interface · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50780

Scores

CVSS v3 6.5
EPSS 0.0175
EPSS Percentile 75.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (1)
aapanel/aapanel 6.8.21
Published Mar 27, 2022
Tracked Since Feb 18, 2026