CVE-2022-2626
HIGHGitHub hestiacp/hestiacp <1.6.6 - Privilege Escalation
Title source: llmDescription
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/704aacc9-edff-4da5-90a6-4adf8dbf36fe
Patch, Third Party Advisory x_refsource_misc
https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81
Scores
CVSS v3
7.2
EPSS
0.0037
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-266
Status
published
Products (1)
hestiacp/control_panel
< 1.6.6
Published
Aug 05, 2022
Tracked Since
Feb 18, 2026