Description
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
24.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (3)
ajenti/ajenti
< 0.112
ajenti/ajenti_plugin_core
< 0.112
pypi/ajenti.plugin.core
0 - 0.112PyPI
Published
Apr 10, 2026
Tracked Since
Apr 11, 2026