Description
HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.
References (2)
Core 2
Core References
Patch patch
https://github.com/hestiacp/hestiacp/pull/5440
Exploit exploit
https://projectblack.io/blog/hestiacp-admin-takeover-rce/
Scores
CVSS v4
8.3
EPSS
0.0026
EPSS Percentile
16.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (1)
hestiacp/hestiacp
< 8be23943c7e3231f66d226ca931c76f93be98412
Published
Jul 04, 2026
Tracked Since
Jul 04, 2026